Infrastructure Assessments
Infrastructure assessments can cover both your internal and external networks to ensure any flaws that may lead to compromise are found.
These assessments can be conducted in a variety of ways and it is really down to what you require to determine how we go about it.
To understand the ways, take a look at the sections below.
External Assessments
If a real world attacker is going to breach your organisation, it’s very likely that this is their point of entry. An attacker is either going to locate an outdated or misconfigured service, or they will send crafted phishing emails. In either case, this is highly likely to lead to internal network access and severe consequences.
Our Grizzly experts have conducted thousands of these assessments, it’s our bread and butter. All of our experts have the experience to know where to look and will certainly find any deep rooted issues, if they are present. We also understand that there is at least some value in running commercial scanning tools and so, to compliment our manual approach, we run scans too. This way, we cover all the bases from hard to find logical flaws to low hanging fruit.
Getting started with an external infrastructure assessment is easy. We simply need a list of your external IP addresses.
If it is a phishing assessment you need, we can take a list of email addresses from you. Or we can go completely manual and find them ourselves.
Internal Assessments
Real world attackers commonly gain entry to an organisation through phishing emails or stolen corporate devices. Should an attacker gain this level of access, are you protected against this? We can help you determine that through a variety of assessments, depending on your requirements.
At the most basic level, Grizzly can perform a penetration test against a subsection of your internal assets. This will determine if they are secured against the kind of compromise described above. We can also go further and test all of your internal assets or create a scenario assessment.
An example scenario assessment would be an insider threat. In this scenario, a corporate laptop and/or a user account has been compromised. Grizzly can then assess the level of access an attacker would be able to achieve should this scenario really occur. It’s quite typically and shockingly, domain administrator.
Vulnerability Assessments
Vulnerability testing is the most basic level of security testing that we offer. This assessment is usually conducted to tick off a compliance checklist box or it is used as a means to understand the current state of a network, before more thorough security assessments are conducted.
Vulnerability testing uses commercial scanning tools to look over a network for low hanging fruit issues, such as misconfigurations, outdated systems or well known flaws. These are then reviewed by an expert to ensure false positives are disregarded.
We recommend this assessment if you have a specific compliance requirement or are new to security auditing.
Continuous Assessments
Do you work in a organisation where your networks are constantly changing through various project developments or other reasons?
Then continuous testing is likely to be something to consider.
Grizzly will test your anything you require on a continuous schedule to ensure that issues are never present long enough to be exploited by attackers.
Whether its daily, weekly, monthly or otherwise, we have you covered.
Custom Assessments
There may be multiple areas you need to cover as part of your requirements. We can tailor testing to exactly what you need.
Just get in touch and we can discuss how is best to approach your requirements.