Penetration Testing

The only way to be confident that risk mitigation strategies protecting a company against cyber-attacks will be effective, is through simulation and pro-actively testing security measures before a real intruder does

 

 

We understand the importance of a secure network and know that your business depends on it.

Our penetration testing specialists examine the current state of your infrastructure to assess the resilience of your security controls, and to identify ways that an attacker might use to gain unauthorised access.

Our reports detail the security vulnerabilities within your infrastructure that could potentially be exploited. This also recommends best methods to secure the environment based on your unique internal business requirements, risk profile and industry best practices.

Our methodology uses either black or white box testing. As an unauthenticated tester with limited or no knowledge of your systems, we can perform a Blackbox penetration test, searching for ways to access your organisation's internal servers.

With system level credentials, testers can conduct an in-depth Whitebox test allows them to flag internal vulnerabilities and misconfigurations, not possible from a Blackbox perspective. Blackbox pen testing better reflects the methodology of an attacker with minimal knowledge but can miss key vulnerabilities due to a lack of privileged access.


Key Benefits

Vulnerability and Patch Management

Default settings, misconfiguration and poor patch management provide the most common attack vector for adversaries. Our approach is to examine in detail each system to provide a comprehensive list of remediation actions to improve cyber hygiene. We understand that it’s not always possible to patch OT systems and many have inherent security flaws due to the use of legacy systems and software. Our approach is simple; to follow, proportionate and appropriate controls, based on your own operational environment and business risk profile.

Password Audit

Adversaries often exploit weak passwords and attempt to obtain and crack hashes to gain access to a network. Our password audit takes a deep dive into Active Directory to assess the security levels of passwords - determining whether they have been reused, when they were last reset and if they contain any weak stored hashes. This data is critical, hidden from view and all too often overlooked. We will also review email addresses that are attached to your domain to see if these are contained within large data breaches.

Information Technology Health Check (ITHC)

An ITHC covers more than the single penetration test, this covers all systems within your operations, typically systems in the internal OT LAN, DMZ and WAN, within the enterprise network. ITHC goes above and beyond a simple automated network vulnerability scan, by assessing the overall security posture of the organisation through assessments of protective monitoring controls, policies, process, user education and methods of working. We take an overall holistic view and advise where improvement can be made and simple steps are taken to provide the highest ROI.

Digital Forensics and Incident Response

Our forensics partners have expertise in cybercrime investigations on utilities, manufacturers and operators of robotics or IoT devices. Using years of experience in cybersecurity and digital forensics, we can carefully craft our data extraction and analysis and put together a case report tailored for the investigation.

CISO/Security Manager

We can provide interim CISO IT/OT security cover from our highly experienced consultants. Whether you’re looking for a short-term engagement or emergency cover, we can provide the skills and expertise you need to keep you safe and compliant until the post is filled.


How we add value

Independent

SolutionsPT has a number of highly skilled and qualified security and networking professionals who operate as engineers, consultants and architects. We engage with both private and government cybersecurity resources to keep abreast of and influence current thinking and best practice guidance across the OT sector.

Understand IT/OT Convergence

With over 30 years of experience working in the field of Industrial Automation, SolutionsPT are recognised within the industry for delivering value to our large customer base. With over 2000 customer sites in the UK and Ireland, our Technical and Support teams have a wealth of experience on delivering solutions in OT environments.

Working Within Your Security Framework

We understand the need, complexities and intricacies of global and sector specific guidance such as NIST, NIS-D, OG86, IEC 62443, CIS, PAS-96 and ISO to mention a few.

Experience Supply Security Into Critical National Infrastructure (CNI)

Our consultants have designed and secured systems for customers within CNI such as Utilities, Generation, Transmission, Transport, Gas and Oil, Nuclear and Transport and other sectors.

Talk To Our Cybersecurity Experts

For more information on implementing and testing your defences with offensive security, get in touch.

Get in touch