Provided with only a minimum of information, the ethical hacker attempts to penetrate your critical IT applications, web applications or Industrial Control Systems (a.k.a. "ICS" or "OT"), which is called "black box" testing. In case of another way of testing - called "white box" testing - the tester is temporarily granted access to your critical IT and/or production environment and attempts to breach the critical systems from the inside.
The tester will attempt to identify as much vulnerabilities, data leaks or other (potential) issues as possible during the given timeframe. The more time the ethical hacker gets, the more in-depth the assessment on your applications.
Who
Any organisation (SMB's or large enterprises) who wishes to gain insights into the impact a malicious attacker can have on their IT and/or production environment. Timely identification and addressing of potential security risks or issues decreases the odds of a malicious hacker gaining access to the IT and/or production environment, and strongly reduces the (potential) impact/damage of security incidents.
Deliverables
The final outcome of an assessment is uncertain as it will depend on the quality and maturity of the security mechanisms present within your test target environment. You can be sure that you will be informed about all noted findings. These are categorized and vary from "nice-to-know" for issues causing limited security risks to "critical" for vulnerabilities that require immediate action. Our ethical hacker will also include recommendations and best practices which can be incorporated in a pragmatic way into the organisation's defense strategy, which will help protect against (the consequences of) ransomware and other cyber threats.
What types of pentesting can we perform for you?
IT network penetration test
We realistically —but ethically— emulate the actions of a cyber criminal.
In a penetration test we go some levels deeper than a vulnerability scan, providing you a more detailed overview of both the technical, but also organisational status of your security measures.
ICS / OT penetration test
Your production environment (or ICS / OT environment) is critical for your company. As such, it is important to ensure that these aren't vulnerable to cyber attacks.
Our testers have extensive experience with production systems and know where to look for vulnerabilities in the devices, their management systems or their configuration.
Web application penetration test
As your web application is continuously exposed to the internet, it is a visible target for cyber criminals.
Similar to the penetration test of your IT or ICS environment, our tester will ethically emulate the actions of a cyber criminal in an attempt to identify vulnerabilities within the application (if present).
By patching the identified vulnerabilities you can protect the application against unauthorised access, loss of data or other harm that can (in)directly be caused to your organisation.
KMO-portefeuille
Can a SMB apply for the "KMO-portefeuille subsidy" for this service?
Yes, clipeum is a recognized service provider for both advice and training.