Internal network penetration tests
The insider threat and privilege misuse.
Insiders continue to be one of the biggest threats to any organisation’s information security – ranging from staff accidentally losing or damaging data to malicious actors stealing information or compromising systems. Effective penetration testing can mitigate losses caused by these types of breaches, or even prevent them altogether.
Data losses can occur across a wide range of content, formats and avenues – from documents to databases to electronic or physical breach – and organisations can use an internal network penetration test to help identify internally vulnerable resources and plug them accordingly. This helps to prevent internal users from bypassing physical and logical controls, ensuring your organisation is adequately protected from the inside.
Why is testing the internal network so important?
There are two types of threat you need to isolate and plan for in order to effectively mitigate insider threats:
- Insider error – resulting from ignorant staff and contractors who are unaware of their security obligations and procedures.
- Insider wrongdoing – resulting from staff with authorised access, or former employees whose access hasn’t been revoked, maliciously accessing the system.
Performing regular penetration tests can help you mitigate both issues, with the tests identifying any misconfiguration that would enable staff to access information and inadvertently or deliberately leak it online, as well as any other assets exposed to unauthorised access.
Want to know more about internal penetration testing?
To find out more about our penetration testing services, get in touch with one of our experts today.
Speak to an expert
Did you know?
Insider Threat Intelligence Report, Dtex Systems (2017)
- 64% of companies found publicly accessible sensitive corporate information on the web.
- 56% of organisations experience potential data theft by leaving or joining employees.
Insider threats are among the most difficult for enterprises to detect and stop. One of the main reasons for this is the sheer scope for attacks. It includes everything from staff accidentally losing or damaging data to malicious actors stealing information or compromising systems.
Internal users often bypass physical controls designed to protect computer resources. For most organisations, this means the internal network is where they are most vulnerable.
Benefits of an internal network penetration test
Our penetration tests will help you:
- Gain real-world insight into your vulnerabilities;
- Identify what information a rogue employee could exploit;
- Determine whether partner organisations access more internal resources than you intended;
- Identify any patches that need to be installed;
- Harden your access controls; and
- Enable encryption or choose a more secure protocol.
Is an internal network penetration test right for you?
If you are responsible for your internal network, you should ask yourself:
- Are your workstations and devices secure?
- Is there a risk to your network from weak/default passwords?
- Can someone on the inside gain access to the entire internal network?
- Do you suffer from information leakage?
- Have you assessed your intranet application for vulnerabilities?
- Are your systems adequately patched?
- Is your third-party access robust?
Our engagement process
Our CREST-accredited penetration testers follow an established methodology based primarily upon the OSSTMM (Open Source Security Testing Methodology Manual) security risks. This approach will emulate the techniques of an attacker using many of the same readily available tools.
- Scoping: Before testing, our account management team will discuss your assessment requirements for your internal network to define the scope of the test.
- Reconnaissance: The tester will enumerate your network assets within the scope of the engagement and identify any holes in your firewalls to ensure network segmentation.
- Assessment: Using the information identified in the initial phase, we test the network for potential vulnerabilities. This will provide your organisation with
- Reporting: The test results will be fully analysed by an IT Governance certified tester and a full report will be prepared for the customer that sets out the scope of the test and the methodology used, along with the risks identified.
- Re-test: We can provide access to our testers and the raw test data to support and expedite remediation. We can also retest your systems so that you can be sure all identified issues have been successfully resolved.
How IT Governance can help you
We’ve pioneered making penetration testing simple to understand and easy to buy.
You can choose the level of penetration test to meet your budget and technical requirements.
Clearly written reports that are easy to understand by engineering and management teams alike.
CREST-accredited penetration testing services provide the technical assurance you require.
Speak to an expert
For more information and guidance on penetration testing or the packages IT Governance offers, please contact our experts, who will be able to discuss your organisation’s needs further.