
Strong foundations
Our work begins before testing starts. We take the time to get to know your business so we can devise the strategy that’s perfect for you.
Companies are currently facing an average of 1,185 phishing attacks every month
Identify vulnerabilities in your system before cyber criminals can
Help with prioritising your cyber security risks and future investments
Eliminate the high cost of network downtime caused by an attack
Meet compliance and regulatory requirements, such as ISO 27001 and GDPR
Improve your team's awareness and understanding of cyber security risks
96% OF OUR RECENT ASSESSMENTS IDENTIFIED VULNERABILITIES
49% OF THEM CONTAINED HIGH RISKS
38% WERE AUTHENTICATION AND ACCESS RELATED
8,900 BUSINESS RISKS WERE REMEDIATED LAST YEAR
We don’t rely solely on machine-led analysis, but on experts who validate the data and make decisions based on their findings.
We understand long-term relationships provide better results for you and us, which explains our commitment to excellent client service.
We take complex issues and present them in a simple way, giving you a clear view of what needs addressing and how we can protect you.
We have a passion for finding hidden threats. Learning about new cyber security technologies and trends just doesn’t feel like work to us.
You will receive a hard copy report in which we highlight the risk level and priority to your business of every threat - something that can’t be done with automated reporting.
How it works
We take the time to understand your business and define your cyber security challenges.
Our dedicated experts will explore every avenue to scope out the project deliverables based on your business challenges and requirements.
Testing your business infrastructure using a process, developed over 20 years, to ensure we identify even the smallest of threats.
You will receive a written report identifying risks, priorities and a clear course of action.
Our experts will guide you on the best choice of penetration testing for your organisation, depending on your specific challenges and business priorities.
Choose from white, grey or black-box testing.
With black-box testing, we start with no prior knowledge of the network or specific brief, which simulates the approach of real-world hackers.
With white-box testing, we have privileged information about your network and some agreed areas of focus.
Grey-box testing comes somewhere in between, as we work with limited information, such as the topology of the network, to uncover critical issues like admin access.
A physical penetration test is a set of simulated attacks performed by our experts to identify weaknesses in your organisation's physical security. This exercise consists of evaluating the security controls and bypassing any physical or electronic security measures to gain access to secure areas. Consultants will advise where insufficient security controls are in place. This includes looking for insufficient CCTV coverage, along with insecure locks and windows. Physical security assessments could also involve consultants being escorted around the premises.
Browser exploitation is a client-side attack that attempts to discover and exploit vulnerabilities either in or through the web browser, not just the network perimeter and client system. This is a technique often used by Advanced Persistent Threat (APT) groups and can provide a foothold for further attacks. Our assessment can consider multiple web browsers and use them as a base for instigating command modules and advanced attacks against the system from within the browser context.
Our consultants assess the internal or external infrastructure and attempt to identify and exploit vulnerabilities within the agreed scope. We will attempt to discover vulnerabilities such as weaknesses caused by misconfiguration, and unpatched firmware or software, using a mixture of automated software, manual analysis and our wealth of experience in this area.
Our experts will gather information from public sources, as well as from both passive and active scanning of the infrastructure.
Our expert consultants assess the application and attempt to identify and exploit vulnerabilities within the agreed scope. This is a largely manual assessment although some automated tools may be used.
A vulnerability in an application may lead to other elements of the environment being included in the assessment. Typically, the requirement would be to determine the full extent of access or penetration and so the scope would be far wider than the single application.
Consultants assess the security of the Wi-Fi network, looking to confirm the use of a suitable encryption scheme. Where a pre-shared key is used, the strength of this would be assessed.
Among other things, we consider network segregation, access to other networks, and applications available through the Wi-Fi network. We would also look at spoofing (otherwise known as the evil twin attack), creating an access point with the same SSID as the network to trick users.
Social engineering involves hackers manipulating people from within an organisation into carrying out damaging actions or divulging valuable information.
Our CREST-accredited team have spent more than 23 years protecting businesses like yours from this kind of threat, which includes everything from phishing to social media information leakage. Our experts provide a bespoke range of real-world social engineering services to highlight issues, provide vital metrics and identify weak spots that could be exploited.
Every step taken by your organisation to capture, store and process information can be tested.
The systems and buildings the information is stored in, the transmission channels that transport it, and the processes and personnel that manage it.
Servers, smart phones, firewalls & routers.
Websites, mobile applications & games.
Exchanges, smartphones, VOIP & fax servers.
Wi-Fi networks, RFID tokens & contactless cash.
CCTV, door entry systems & mechanical locks.
FAQs
Cloud penetration testing involves running a simulated cyber-attack across all your organisation’s systems, including networks, software, apps and websites. In this case, of course, the cyber-crime experts are on your side. Our aim is to find all the security vulnerabilities an attacker could exploit before they have the opportunity to do so.
A&O IT Group’s CREST-approved penetration testers rank among the most respected in the industry, so you can be sure your assessment will be carried out to the highest possible standard. A number of our security consultants are active contributors to industry publications and white papers, and they are all well-established within the infosec industry.
Our bespoke report will provide you with concise analysis of security vulnerabilities and associated threat levels. Our complimentary executive and technical presentations are provided as standard, so you will have ample opportunity to discuss our findings directly with the consultant who carried out your testing.
Because the threat landscape is constantly evolving, penetration testing should be performed on a regular basis. It’s recommended that all organisations carry out a penetration test at least once a year, but there are many reasons why more frequent testing would be recommended: when you make changes to infrastructure, for example, or in preparation for compliance standards.
Our high service standards, loyal team and flexible approach keep our valued customers returning to us time after time.
Identifying your cyber-security needs can be simple.