Network Penetration Testing is a type of Penetration Test that generally applies to physical Information Technology assets. The purpose of Network Penetration Testing is to identify the presence of points where a threat (defined by the hacker) can align with existing risks to achieve penetration. We help prevent penetration by identifying these points and providing effective methods for remediation before they are exploited by malicious hackers.
In order to ensure that our Network Penetration Tests provide an accurate measure of risk (risk = probability x impact) the tests are delivered at threat levels that are slightly elevated from that which are likely to be faced in the real world (unless reduced by customer requirements). Testing at a lower than realistic threat levels, such as with methodologies that are driven by automation, is ineffective from a true security perspective.
We adjust threat levels by adding or removing attack classes. These attack classes are organized under three top-level categories, which are Network Attacks, Social Attacks, and Physical Attacks. Each of the top-level categories can operate in a standalone configuration or can be used to augment the other. For example, Network Penetration Testing with Social Engineering creates a significantly higher level of threat than just Network Penetration Testing or Social Engineering alone. Each of the top-level threat categories contains numerous individual attacks.