During an Internal Attack & Penetration Test , Secmentis consultants simulate the "insider threat" (e.g. a disgruntled employee or business partner) by employing the same tools, methods and tactics used by the bad guys to breach the internal network and IT systems of your organization.
The goal is to identify your internal vulnerabilities ahead of time and advise you on how to fix them, before a real insider threat incident occurs. During an internal penetration test, we attempt to gain access to as many of your critical internal systems as possible.
Secmentis Internal Penetration Test services are available in Bulgaria (България), in major cities like Sofia (София), Plovdiv (Пловдив), Varna (Варна), Burgas (Бургас), Ruse (Русе), and Stara Zagora (Стара Загора), and can be provided remotely. Generally, we provide Internal Penetration Tests worldwide in the Americas, Asia & Pacific, Europe, and Middle East & Africa regions.
Our Internal Penetration Tests are conducted from the perspective of an internal, malicious insider. We methodically follow these steps:
Note: Our penetration tests begin only after you have given us explicit and signed authorization.
Secmentis will provide you with a report which includes the following deliverables at the end of our testing:
Can you confidently answer "Yes!" to the following?
We provide peace of mind by putting these fears and assumptions to the test.
Malicious or disgruntled employees are the most common insider threats. They seek to either cause damage or steal your secrets.
They target : (a) Trade and Corporate secrets, (b) Personal information, (c) Business plans, and (d) Customer information.
It's possible that some customers may have malicious intent and are looking to extract information. On the other hand, organized cyber criminals may target your organization through your customers.
They target : (a) Employee personal information, (b) Sensitive business information, and (c) Trade secrets.
It may be possible that cyber criminals are attacking your organization through your trusted vendors.
They target : (a) Personal information, (b) Sensitive business information, (c) Trade and Corporate secrets.
Ex-employees already have insider information and know how your business works. They may seek to cause brand damage or steal secrets.
They target : (a) Key people and employee information (e.g. emails), (b) Sensitive business information, and (c) Trade and Corporate secrets.
Be proactive by contacting us to find out how we can help
Our Internal Penetration Tests are tailor-made for your organization and cover your specific internal IT assets.
We attempt to breach employee-facing web servers and websites belonging to your organization (e.g. Apache HTTP Server, Nginx, IIS, internal web portals, intranet sites, etc.).
We attempt to penetrate employee-facing application servers belonging to your organization (e.g. Oracle, Apache Tomcat, etc.)
We attempt to breach employee-facing database servers belonging to your organization (e.g. MySQL, PostgreSQL, Oracle, Microsoft SQL Server, etc.)
We attempt to infiltrate employee-facing network routers belonging to your organization to gain unauthorized access.
We attempt to penetrate employee-facing network firewalls belonging to your organization.
We attempt to breach employee-facing file servers belonging to your organization (e.g. FTP servers, SFTP servers, NFS servers, SMB/CIF servers, Microsoft SharePoint servers, etc.)