Penetration Testing is an external technical assessment of an organization and its ability to repel cyber attacks. Penetration tests determine whether an adversary’s specific security goals can be achieved through actual vulnerability exploitation—and are performed using the same techniques a cybercriminal would use. Examples of such goals could be stealing data, modifying data, or escalating privileged access to a specific system. Penetration testing is not a vulnerability assessment tool used to identify all security issues; conversely, it evaluates the existing protections regarding each specific security goal. Penetration testing is most effectively utilized for an organization with a mature security posture.
Impervious can help determine which and when an organization should execute a penetration test. Conducting a penetration test on an organization with a low or medium security program maturity will result in an ineffective, incomplete, and potentially dangerously misleading assessment report. Ensure that your organization’s security program is mature, that several vulnerability assessments have been conducted, and that all identified issues have been remediated prior to conducting penetration testing.
Penetration Testing services include:
- Physical verification of your security mitigations and policies to ensure the integrity of your company’s security posture;
- Customized testing to meet your organization’s specific needs based on threats and past mitigations;
- The performance of an authorized targeted attack on your organization to expose potential gaps in your existing security posture; and
- A confidential penetration test report, including an analysis of actions performed and vulnerabilities exploited—provided only to the designated individual(s) within your organization.