Penetration testing is a simulated attack designed to identify weakness in organization’s IT infrastructure that could leave a space open for a potential breach. It discovers internal and external security exploits and demonstrates how well a network, application and information asset is protected.
An internal network pen test is performed to help gauge what an attacker could achieve with initial access to a network. An internal network pen test can mirror insider threats, such as employees intentionally or unintentionally performing malicious actions.
An external network pen test is designed to test the effectiveness of perimeter security controls to prevent and detect attacks as well as identifying weaknesses in internet-facing assets such as web, mail and FTP servers.
Key features of internal and external penetration testing services are:
- The ability to identify and assess the impact of network weaknesses before a malicious attacker does.
- Being able to analyze exploitable weaknesses based on identified potential vulnerabilities and likelihood.
- Achieving a desired compliance level with industry and regulatory requirements.