An organisation’s technical environment presents threat actors with a variety of opportunities for breach and lateral movement. With reliance on technology growing in volume and complexity, even the most diligent security team can miss vulnerabilities in people, processes, and technology. This can lead to cyberattacks which bring reputational, financial, and legal problems.
Sapphire’s certified penetration testers work closely with customers to expose the tactics, techniques, and procedures an attacker would use to compromise their organisation. This allows customers to comply with legislation, allocate resources more effectively and set improved forward-looking cybersecurity strategies.
Benefit from a company with 25 years’ pen testing experience which is compliant with CREST, Tiger, NCSC and has maintained CHECK Green Light status since 2004.
Each pen test comes with comprehensive management and technical reporting, which can be applied to historical results to understand an organisation’s security maturity journey.
A wide range of pen tests, including internal and external network level testing, web and mobile application assessments, security audits, vulnerability assessments, testing for standards such as CE Plus and NCSC CHECK, Red Teaming and more.
A comprehensive manual assessment on specified hosts. The objective is to identify, but not exploit, potential weaknesses in the security system (e-mail, software, unrestricted data flows or operating system). Manual penetration testing greatly reduces false positives and provides comprehensive and legible reports.
Performed locally on specified hosts to provide an assessment of the effectiveness of deployed internal network security. It is designed to identify weaknesses in the security of computer systems connected to the internal network, including workstations, servers and network equipment.
As organisations conduct more business online, these systems are open to being exploited. Sapphire tests software and applications, advising on security configurations and vulnerabilities. Sapphire follows OWASP 2017 guidelines, and testing focuses on the top 10 application threats.
The test will check for common configuration errors that could allow an attacker to compromise the network and may allow an unauthorised user to access back-end systems. Sapphire will test both the guest and corporate wireless networks.
Firewalls are the front line of defence against cyber threats. Sapphire can conduct a review of firewall configurations and rules to validate that they are implemented according to best practice.
These assessments can be conducted on any host, network device or server. Sapphire will audit your key IT assets’ security configuration based on industry-standard benchmarks, as well as Center for Internet Security (CIS) guidelines, and ensure that each component is compliant.
Penetration testing is where organisations employ skilled cyber security professionals to attempt to find weaknesses in a particular security environment. Becoming a penetration tester involves gaining approved certifications, some specific to particular sectors and regulatory environments.
A penetration test is typically carried out in 5 steps:
1. Planning. The pen test team receives expectations and scope of the test from the organisation and starts information gathering to understand potential attack vectors.
2. Threat modelling/Scanning. Once a list of potential targets has been drawn up, the pen test team will begin scanning the attack surface to ascertain the crucial first phase of the attack chain; typically this is through web-facing assets or social engineering.
3. Gaining access. In this step, the pen tester uses the information gained in Steps 1 and 2 to access the target organisation.
4. Lateral movement. After gaining access, the pen test team begins trying to move laterally through the environment towards the target. This often involves privilege escalation and other ‘low and slow’ methods designed to remain stealthy.
5. Reporting. In the last step, the tester will provide a detailed technical report of their findings. The report will include the vulnerabilities identified based on type and host, a solution or remediation to the issue and the risk to the overall organisation.
With regular pen tests, an organisation can identify flaws in people, process and technology before an attacker does.
Security testing improves the security posture of your organisation by identifying the security weaknesses present and targeting the patches and other improvements that you need to make to policies and procedures.
As a leading cyber security firm in the United Kingdom, Sapphire is able to offer:
With 25 years of experience, our pen testing teams have a significant understanding of how to approach different environments, leading to better quality results.
Our pen testers are all ethical hackers who use custom toolkits and well-established commercial penetration testing tools to target your IT systems. This provides a unique and thorough security assessment which is not possible using automated scanners.
We value your experience with us. That is why we work in tandem with your company to provide the highest quality customer experience while delivering our services. Sapphire is agile enough to adjust to your business’s requirements whether you are looking for support with an on-site project or require us to deliver our testing services remotely.