Also known as a "penetration test" or "red team test", this technique is used to demonstrate real-life threats to your business and to stimulate the human aspects of your security. Corporate readiness does not necessarily equate to employee readiness against a determined and well-prepared attacker.
We will identify the "best case" entry path for your threat - which corresponds to the worst case for you. We then simulate this attack in person, determining the vulnerability of physical, cyber, and human assets. This allows us to test things that can't be easily predicted, such as company security culture, and how your guard force responds.
In addition to evaluating the human response and reporting on vulnerabilities discovered, the penetration test has a spectrum of possible outcomes, between:
- We were completely unsuccessful in carrying out the simulated attack - this provides peace of mind, demonstrates to upper management that your controls are effective, and often helps reduce insurance rates too.
- We were successful - indicating that a real attacker would be as well. We will then work with you to mitigate the vulnerabilities, and re-test until you are secure.
Our goal is to re-test after findings have been fixed, and to get apprehended on that re-rest. We undertake a thorough analysis of all ways an intruder can move throughout your site, and use this to ensure that we are testing the "worst-case" entry path on the re-test. This ensures that if we were apprehended on your worst-case path, you are safe no matter how an intruder chooses to go!
