The goal of an Internal Penetration Test is to gauge the effectiveness of internal security controls against an attacker with access to internal network resources. This attacker could be a knowledgeable malicious insider, or an external attacker that has gained limited access or a “beachhead” on the internal network. The purpose of this test is to simulate a real world attack with specific goals, generally gaining root or administrative access to targeted systems, or access to data stores.
Our assessment process is performed by specially trained individuals using current attack methodologies and tactics. The Internal Penetration Testing deliverables include a detailed narrative report with specific attack paths and scenarios, along with recommended remediation strategies.
The test is performed in two phases: One with network access only, and one with network access and limited user access to simulate an internal user compromise. Our test mirrors how actual attacks occur, but without stress or liability. 10-D Security’s Red Team will employ cutting edge techniques and strategies used by today’s bad guys to detect and evaluate your security controls.
This test does not replace a traditional Internal Vulnerability Assessment or External Penetration test, but complements it by enabling institutions to assess how their layered security controls hold up to a skilled attack.
The Internal Penetration Testing deliverables include a detailed narrative report with specific attack paths and scenarios, along with recommended remediation strategies.
The 10-D Security Difference
- Red-Team (Attacker) and Blue-Team (Defender) experience allows for a more thorough evaluation and more meaningful results.
- Nationwide testing experience with ALL types and sizes of institutions.
- Proprietary tools capture and review key data in a fraction of the time.
- We specialize in testing the critical, sensitive infrastructures of financial institutions.
Who Benefits from an Internal Penetration Test?
This service applies to organizations:
- With an Incident Response Plan exists and is ready for testing.
- Whose management values a proactive evaluation and the preemptive assurance this assessment will bring.
- Where the IT Team immediately has a “Game On,” “Bring It” attitude, and is ready to engage
- Their razor sharp detection and defense skills.
The Scope of Work
The scope of our Internal Penetration Test is straight forward:
- All internal systems may be targeted unless specifically excluded.
- Goals or “Flags” are set by the client prior to the assessment and serve as the objective for the Red Team.