Internal Penetration Testing & Server Audit.

 

Get a quote

The internal threat is ever more real, malicious insiders come in all shapes, sizes and salaries. From the graduate smuggling trade secrets to the exiting Director sharing company information with competitors. The Big data world is a huge gaming zone for hackers, crackers and social engineering professionals.

Internal threats can include:

  • The Rogue Employee – These suspects are usually well trained with a number of motivations and the aim of stealing valuable data.

 

  • Inadvertent User – Not the most I.T aware of suspects and usually innocent but with access to your system, the inadvertent user makes up a good proportion of data breaches.
  • Fired or Disgruntled Worker – The person who steals your contact list or leaves backdoor user accounts to retain access.

 

  • 3rd Party – Temporary employees, contractor or visitors may pose innocent breaches or see value in the data they access
  • The Guru – This is the individual who innocently wants to have their workstation available from home, they fire up their own proxy to bypass local security and contravene usage policies. They are generally very committed to your business and mean no harm but in the process expose your company’s data security.
  • The Night Cleaner – Criminals and social engineers wouldn’t think twice about taking this post to gain access to your building and server room.

Ask Yourself

null
Can an internal user gain access to the entire internal network and all the information contained herein
null
Can anyone access sensitive data internally and externally
null
Are you sure your firewalls are really securing your digital assets
null
Could a cleaner obtain a password
null
Are all your privilege levels secure
null
Is your 3rd party access model robust

Why DigitalXRAID

Our staff are qualified in their fields, holding years of experience in infrastructure roles from support to senior management. Experience is backed by well known certification including; ISO 27001 lead implementer, CCIE Security, CISSP to name a few. All our testers are trained to our stringent requirements for Check Team Member Status.

Each of our customers is a business partner we have steered safely out of the path of the cyber security threats so commonly seen in the media. We not only deliver a quality service but want to ensure we form an on-going relationship to provide constant protection for your digital assets. We pride ourselves on customer service and adding value to your operation. We are always keen to hear your ideas on how we can better our services and we can tailor bespoke packages to help solve your ICT problems.

Our staff are skilled at servicing and communicating with both large blue chip corporate enterprises or start-ups and SME’s, thoroughly understanding the needs of both. We bring industry leading services to anyone with the desire to secure and harden their digital assets. We pride ourselves in bringing corporate level services within the reach of business of all sizes and budgets. All business large or small is at risk to cyber security breach. Business leaders need partnerships with security experts to ensure they are not the ones caught out by malicious brand damage or information theft.

We have worked with technical, creative and non-technical specialists to create an easy to digest report. The aim is that our report can easily be interpreted by technical and non-technical senior stakeholders. All reports are peer reviewed in line with ISO9001 quality standards prior to submission, to ensure the utmost quality and clarity.

Our pricing structure is clearly presented in every quote. The scope of the project will be clear to ensure both parties know exactly what the key deliverable are, how long it will take and the costs.

Each of our customers is a business partner we have steered safely out of the path of the cyber security threats so commonly seen in the media. We not only deliver a quality service but want to ensure we form an on-going relationship to provide constant protection for your digital assets. We pride ourselves on customer service and adding value to your operation. We are always keen to hear your ideas on how we can better our services and we can tailor bespoke packages to help solve your ICT problems.

Benefits (Internal Penetration Testing)

  • Conducted by certified experienced professionals
  • Clients benefit from out testing teams real-world experience
  • Fully customised testing protocols
  • We simulate the behaviour and thinking of a real-world attacker
  • Vulnerabilities fully exploited to reveal true risk to the business
  • Time is spent to exactly interpret the system logic and identify flaws.
  • Our External and Internal Penetrations Testing satisfies PCI DSS 11.3. “Penetration testing should include network and application layer testing as well as controls and processes around the networks and applications, and should occur from both outside the network trying to come in (external testing) and from inside the network.”
  • Our web application testing satisfies PCI DSS requirement 6.6 “Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods, at least annually and after any changes”

Engagement Process

Our services can be split into a number of different product suites. Each service is conducted with the appropriate set of expertise and tools; however the engagement process is the same. Our processes and procedures are in line with ISO 9001 (Quality Management System), ISO 27001 (Information Security Management) and other industry standards. Here at DigitalXRAID, we practice what we preach.

Our Testing Methodology

Our Testing Methodology