How can you ensure you have outsourced your penetration testing requirements to the right provider?
You may look at a security services provider’s experience or ask for evidence of testing conducted for other organisations.
There is, however, another point to consider – accreditation.
At Sapphire, we want to ensure every one of our customers has the confidence in us to implement their cybersecurity services. We provide customers with the knowledge on vulnerabilities to allow them to remediate and, in turn, reduce the attack surface.
When carrying out penetration testing or vulnerability assessment assignments, Sapphire testers adhere to guidelines, codes of ethics and principles published by several accreditations – one being CREST.
But what is CREST? And how does being CREST registered act as a way of building trust between customer and provider?
What is Penetration Testing?
Penetration tests, or pen tests, are simulated cyber-attacks via ethical hacking to expose flaws in an organisation’s security measures.
Commissioning a penetration test or vulnerability assessment is a great way to ensure that security technologies are in place and functioning correctly. An assessment can also provide peace of mind that your software, servers, workstations and infrastructure are all behaving in a manner to protect your critical business data and reputation from external or internal attack.
A test is often a necessity due to many different regulatory compliance demands. Where it is not a compliance requirement, a test carried out as best practice can go a long way to reassure customers and business partners alike. A penetration test is a great way to ‘prove’ changes to network infrastructure by identifying any weaknesses exposed or corrected by the changes made. It can also be used as a tool before connecting new services or applications onto a live network.
In today’s connected world, organisations of all sizes in both the public and private sectors need to be aware of the limitations of their security technologies and procedures. If you have company and/or personal data either connected to the Internet or providing access to business-critical services, then you should regularly test the security of your infrastructure.
Using custom toolkits and well-established commercial tools, the testing team can provide a unique and thorough assessment that is not possible using automated vulnerability scanners.
On completion of any test, Sapphire will complete a management report and a full technical report. The deliverables will include recommendations for technical countermeasures and other improvements where appropriate. The reports will also compare previous test results to enable our customers to evaluate ongoing patch management and configuration work effectiveness.
To give your organisation peace of mind, you may choose to appoint a trusted, specialist cybersecurity provider employing qualified professionals to conduct your penetration testing.
Who is CREST?
The Council for Registered Ethical Security Testers (CREST) is an international not-for-profit accreditation and certification body representing and supporting the technical information security market.
What does a CREST certified company mean?
CREST accreditation represents cybersecurity providers that offer the highest standard of service and most professional network or website penetration testing.
To be certified with a CREST accreditation, a cybersecurity provider will go through a stringent assessment of:
- Company procedures and standards
- Personnel security and development
- Approach to testing and response
- Data security
CREST guides Sapphire on preparing for penetration tests, conducting actual tests consistently, and following up tests effectively. This guide also provides practical advice on establishing and managing a penetration testing programme, helping organisations achieve effective, cost-effective penetration testing as part of a technical security assurance framework.
Why is CREST accreditation important for a pen testing provider?
Becoming a CREST member requires a stringent assessment process. Choosing Sapphire as your CREST penetration test team assures you that our information security methodologies can provide a strong assessment and, therefore, implementation of your security systems.
A CREST-certified pen testing service also assures the customer that the entire pen testing process is conducted to the highest legal, ethical, and technical standards. The CREST pen testing process follows best practices in critical areas such as preparation & scoping, assignment execution, post technical delivery and data protection.
Why choose Sapphire for your penetration testing?
With 25 years of experience in cybersecurity, Sapphire’s pen testing team prides itself on delivering tangible results for our clients.
Sapphire testers work within current legislation, the Computer Misuse Act and its various amendments. Data Protection and other relevant laws and acts are observed during testing and/or data handling procedures.
Sapphire’s pen testers are ethical hackers who use custom toolkits and well-established commercial penetration testing tools to target IT systems. Our team provides a unique and thorough security assessment which is not possible using automated scanners.
Sapphire’s CREST penetration tests utilise agile and adaptive techniques to adjust to your organisation’s systems. Our experienced penetration testers’ job is to expose any security flaws.
So, whether you are looking for support with an on-site project or require penetration testing services delivered remotely, Sapphire is here to help.
Trust is important to us. That is why we partner with our clients to provide a high standard of customer experience in delivering cybersecurity services.
What Pen Testing services does Sapphire offer?
Sapphire offers a range of testing services that can provide peace of mind and be flexible to your business needs. Our CREST accredited services include:
- External testing
- Internal testing
- Web application testing
- Wireless testing
- Remote access and VPN testing
- CHECK testing
- Device testing
- Firewall review
- Build and configuration reviews
- Vulnerability assessments and automated scanning
- Social engineering
- Cyber Essentials