External Network Penetration Testing
An external network penetration test is performed from the position of an external attacker with limited knowledge of the network infrastructure and systems.
The goal is to identify vulnerabilities in any hosts or devices that are accessible from the Internet within the IP block tested. The footprint of an organisation also extends beyond the IP Address ranges supplied to them by their ISP. Considering that many businesses have outsourced arrangements for web hosting, have or are in the processing of migrating to cloud based email (Office 365/G Suite) and consume a range of enterprise cloud products including public cloud (AWS, Azure, GCP etc) it becomes imperative to have a broader view of the risk profile of the business.
Sense of Security can run intensive information gathering exercises to determine the public profile of your business including the key staff and suppliers that form part of your ecosystem.
Defence through external penetration testing.
An external network penetration test will determine actual vulnerabilities against defined and real threats (threat intelligence-based testing) and will provide the following outcomes
- Improves your security posture (whether regulatory/compliance driven or the increasing threat of cyber-attacks) to reduce the impact and frequency of security incidents
- Include scorecards against leading benchmarks where relevant. e.g. ACSC Essential 8
- Identify the extent to which your perimeter is augmented by suppliers and outsourcing arrangements and consumption of cloud products
- Provides a security roadmap and action plan detailing how to resolve issues; and
- Creates a significant level of confidence in the security of your Cyber Security environment through increased awareness of the need for appropriate technical and governance controls