Assessing an Inside Attacker’s Access
Sage’s Internal Penetration Test is designed to demonstrate what a potential attacker could access if given a device or devices connected to your organization’s internal network. Using a defined connection and scope, our experts will use a set of sophisticated attack techniques to try to gain access to your valuable systems.
This testing will allow us to:
- Identify weaknesses in the network and system architecture.
- Identify potential exploits and entry points into critical devices and systems.
- Identify system- and application-specific vulnerabilities, including lax access controls.
- Exploit identified vulnerabilities (authorization required).
- Test the strength of existing intrusion detection and response systems.
- Fulfill requirements of applicable regulations and compliance standards.
- Provide recommendations for mitigating the vulnerabilities we’ve discovered.
The Sage Methodology
Sage has crafted and honed our internal penetration testing methods through years of experience performing these kinds of tests, and through attending courses and earning multiple certifications in penetration testing. Here are our guidelines:
- We will not test physical security controls, and will always require access to the building.
- We conduct our testing using a combination of automated and manual tools, commercial and open source applications, and proprietary tools and testing mechanisms.
- We will not attempt attacks known to cause a denial of service (DoS).
- All testing is conducted by certified personnel, and we do not subcontract any part of the testing.
- We will let you know each day by email when the testing will begin and end; you may choose to schedule testing during non-business hours.
- At the conclusion of this testing, Sage may suggest additional testing, if warranted.
Only certified Sage personnel are authorized to conduct our testing, which we perform using commercial and open source applications both automated and manual, as well as internally developed proprietary tools and testing mechanisms. We never subcontract any part of our testing.
Reports and Recommendations
The Internal Penetration Test Report includes:
- A summary of the findings presented in an executive report in PDF.
- A corresponding interactive HTML report detailing vulnerabilities by severity and per device.
- An action plan in Microsoft Word detailing our recommended remediation activities.