Penetration Testing

As networks continue to grow and become more diverse, it is critical that organisations understand what their risks are in terms of network security from both an external and internal perspective.

The ideal of a strong perimeter protected by a firewall no longer stands. The reliance on interconnecting networks, web applications, VPNs, VoIP and the multitude of IP-enabled devices means there are multiple entry points into the network. Penetration testing can help to gain assurance that the controls in place are effective at preventing unauthorised access by simulating an attack and using active exploitation and attempt to escalate privileges.

A comprehensive report will be provided at the end of testing which not only gives technical details of the problem and remedial recommendations, but also a summary highlighting the business risk and potential non-conformances to any applicable standards or regulations.

Our methodology

Why IRM?

IRM has a team of professional, highly skilled technical consultants who possess industry valued certifications such as CREST. Their collective experience spans technologies ranging from complex financial trading systems to classified government infrastructure. IRM are also a 'CHECK Green Light' company meaning they can provide services to government departments.

Our trained consultants can perform testing from a number of ways; no information (black box) to try and simulate a real-world attacker trying to gain unauthorised access, through to full disclosure (white box) where full details and various levels of access are provided to identify vulnerabilities and understand what access could be achieved.

Many clients have more specific requirements when it comes to defining a scope of works, which is where IRM are able to offer a full tailored service from an individual test or a complete framework agreement for ongoing assurance.