Advanced Intrusion Testing
Today’s attackers are using increasingly surgical and targeted tactics in both cyber and physical domains.
Security breaches in organisations are at their highest ever levels, proving that tick-in-the-box compliance testing alone no longer gives adequate protection.
You're compliant. But are you secure?
Our Advanced Intrusion Testing (AIT) service simulates these sophisticated, persistent, multi-dimensional and pervasive threats to test customers’ security vulnerabilities, and give a true measure of their real-world, exploitable risk.
Our AIT service draws on all the specialisms we bring to bear in our Security Health Check service, and combine these with military grade physical security expertise to conduct a highly accurate assessment of the threat to either a specific location or the organisation as a whole. It has two strands:
- AIT Cyber – which simulates internet-based attacks.
- AIT Physical – which is based on attempts to gain physical access to a company’s assets.
The complete picture this provides of an organisation’s security can be used to benchmark improvements, target security spend and resources, and shape future security plans.
Not just a tick in the box...
Our world-class penetration testing team specifically models the steps an attacker needs to go through to mount a successful attack against the organisation. The AIT process involves:
- Expertly simulating a number of real world attack vectors. These may include attempting to gain access to company premises with a view to accessing internal networks, or the delivery of simulated malware designed to bypass current technological and procedural controls.
- Simulating the attacker pursuing their specific goals – for instance, to collect and steal data – with assessments that demonstrate ‘real’ exposure to vulnerabilities.
Once testing is complete the team provides a report that illustrates the vulnerabilities found, including full details of the route to compromise. They prioritise areas of risk, and make actionable vendor-independent recommendations around how the organisation can be better protected against this risk in the future.
We were one of the very first organisations in the world to engage in penetration testing. We have been deploying AIT – sometimes known as ‘red teaming’ – for a number of years in mature, high security, live environments such as aviation, finance and banking, retail, nuclear power stations and other critical and national infrastructure.