We Find a Way into Your Systems — So That Others Never Will
Penetration testing is an essential security measure for any organisation serious about safeguarding its business data, systems and processes from attacks.
How we keep you protected
Intersys offers an independent penetration testing service for SMEs and enterprise organisations. Clients come to us when they need a level of confidence about the security of their infrastructure or new software in development.
Our highly qualified engineers routinely perform authorised attacks on clients’ IT environments to reveal vulnerabilities. We offer all three standard penetration testing services — black, grey and white box testing. The type you choose depends on your organisation’s risk appetite and the criticality of your system or application. Here’s a quick summary of what each one involves.
Black – box testing
This is a type of legal, ethical hacking where we mimic the actions of an external hacker who doesn’t have access to your internal networks. This test reveals weaknesses in your systems that are easy to breach from outside the network. As black box tests are performed with the least knowledge of the system or application, they are often the simplest and most cost effective. However, internal vulnerabilities can go undetected.
This is a more detailed test where we recreate the actions of a user who has access and knowledge of your internal systems. It’s a more in-depth and targeted investigation of your network’s security.
The most comprehensive level of testing we offer. It thoroughly checks for internal and external weaknesses in your application or system. A white-box test allows us access to your source code and all relevant documentation for the systems. We then review the code to determine likely vulnerabilities.
Apart from the three standard types of PEN tests, we also offer social engineering attack mitigation training where we train your staff to recognise and prevent social engineering attacks.
A risk based approach
We use a risk-based methodology and prioritise vulnerability mitigation based on business impact and the likelihood of an attack. It’s all about understanding the context of your business so that we can focus on your most critical areas. Our business-led approach ensures that the penetration test reveals urgent weaknesses in your IT that you can then rectify. The benefits of penetration testing include:
- Maintaining business continuity
- Managing internal and external risk
- Complying with auditors, clients or third party vendors
- Being confident about your infrastructure and system security
Once the PEN test is completed, our clients receive a full actionable report which is completely tailored to their needs. We use a standard risk-based approach to classifying vulnerabilities as Red/Amber/Green, thus classifying weaknesses from high and medium to low priority.
The first draft of the report contains a set of findings, which allows clients to rectify any straightforward or critical issues. We then generate the final report, which consequently shows a better result. Our clients appreciate this approach as it gives them phased control over how they address their vulnerabilities.