Network security is the foundation of any successful and proactive risk management programme. You wouldn’t build a house on quicksand and nor should you store information or host applications on an insecure network. First principles dictate that the underlying network infrastructure must be secure.
Whether you’re looking for a straightforward but reliable scan service to allow you to keep a regular tab on internal or external network vulnerabilities, a full wheels-up manual penetration test to give your network a thorough annual workout or to validate a newly launched system, NTA can tailor its testing to suit.
There is much debate and many different views regarding the definition of the often interchangeably used terms of penetration testing, vulnerability assessment and network scanning. But NTA believes this is secondary to finding out what it is you’re actually after and providing a flexible service to address this.
That’s not to say that NTA makes up the test as it goes along. To the contrary, NTA’s tests are based on a foundation of proven methodology, repeatability, established test procedures, structured reports and quality checks that have been developed and honed since delivery commenced in 1996.
All tests will have a manual aspect, at minimum including manual oversight, issue verification and report finalisation, with this manual aspect becoming the dominant feature of our higher end pen tests.
Naturally, automated testing is required to cover the myriad of potential vulnerabilities that may affect the systems and services within any given network. This gives a reasonable base and may be enough if a monthly sanity check or ‘tick box’ test is all that’s required, but this can be ‘layered up’ to incorporate increased breadth and depth of testing and varied reporting styles to allow you to receive the service you require.
The attack/threat scenarios, and thus the perspective from which the test is performed, are also key. Are you looking to address internal or external threats? Are you concerned about random automated attacks or more persistent and targeted threats? Are you concerned about threats originating from staff with authorised network access or ‘social engineers’ who may access your building, plug into a network port and do their worst? Or perhaps you’d like your systems to be tested from an authenticated perspective, allowing for a deeper examination of build and patching?
A network security testing programme will typically consist of a combination of these test types, depths, frequencies and perspectives. Please give us a call to discuss your particular situation and we will work with you to agree the most appropriate solution.