ConnectDS CREST Penetration Testing Services
To identify weaknesses before attackers do, ConnectDS’ security operations centre carries out penetration testing assessments by organising a coordinated real-time simulated cyber attack using our CREST accredited professional team of ethical hackers to attack business systems. This simulated cyber attack aligns to penetration testing frameworks and provides assurance for the purposes of business safety and compliance.
We offer a fully consultative service to work with your business to understand your current cyber incident response process and provide both data security remediation advice and data protection advice. We do this by understanding your environment, limitations, and business requirements for security testing. Our pen testing services identify vulnerabilities and measures their effect through safe exploitation. Based on your objectives, our penetration testing can be either:
- External Penetration Test – Our security experts target your internet facing business assets using specialist penetration testing tools to identify security vulnerabilities and weaknesses that could be leveraged by an attacker at your network perimeter.
- Internal Penetration Test – Our security professionals simulate an attack in your internal network and behind the firewall. This provides insight to vulnerabilities of business systems that communicate with external networks or systems that attackers may have direct access to upon local network access via a successful system compromise or direct network access.
ConnectDS formalise the statement of work with the security consent needed before performing any testing work – this statement makes sure all participants are aware of the process, timelines, and assessment scope.
Throughout the testing process, our pen testers collate all testing stages and findings into the main report which will outline the necessary action that you must take in the short-term. The report includes insights for essential measures that you should take as part of an ongoing strategy to minimise security risks and reduce the chance of a successful cyber incident to a minimum. Post technical delivery we provide clients with a formal penetration test report that contains details on your current security posture, along with remediation advice and mitigation strategies.
If it is determined that there is reassessment required, ConnectDS offer retest penetration testing services to validate remediation of vulnerabilities previously identified in the initial penetration test report. We also perform social engineering assessments to measure the susceptibility of staff members of clicking a targeted email; this identifies the risk of employees clicking on suspicious links and phishing campaigns and allows for tailored staff security training.