A Penetration test goes further and deeper than a Vulnerability Assessment. A human tester will safely exploit security weaknesses in order to gain further access to your critical systems, therefore mimicking the actions of a potential attacker.
Identify your high risk vulnerabilities so you can prioritise your remediation activities.
Demonstrate mature security culture within the business
Meet regulatory and compliance standards, such as PCI DSS and ISO27001
Show your clients that securing their data is important
Vulnerabilities exist in operating systems, services and applications. They are created through application flaws, improper configurations and end-user behaviours. A penetration test can help to validate adherence to internal policies and the effectiveness of controls across any business infrastructure.
The external network-layer penetration test provides a ‘real world’ understanding of your internet-facing environment and what could be exploited by the nefarious actions of a hacker or rogue employee. The test is conducted off-site. Network layer penetration testing identifies weaknesses with the configuration of internet-facing system components and identified any security flaws due to missing patches or misconfigurations. External penetration testing can also be conducted against cloud-based infrastructure. One Compliance external penetration testing support PCI DSS requirement 11.3, 11.3.1 & 11.3.3.
Contact us to arrange a discussion with one of our consultants
Configuration reviews cover devices which are not networking components such as servers, desktops, laptops, phones, tablets etc. The review covers the hardware set-up/configuration and the operating system specifics that interact with that hardware.
Network device configuration reviews cover firewalls, routers and switches which are used to isolate and segment your network. The review looks at the software levels of the devices, the general configuration and the implemented rule-sets used to enforce proper segmentation between network security zones.
Cloud services are becoming more commonly used in organisations. One Compliance can review the security setup of your cloud infrastructure to ensure that the configuration is compliant with vendor and industry best practice.
