Penetration testing is an essential service for all organisations, very much distinct from automated scanning tools, this type of testing aims to replicate a real-world hacker as closely as possible. Datavax’s realistic approach relies on manual testing methods and extensive knowledge and experience of the industry. This type of approach alongside a regular schedule of tests means even the most complex systems and information can be protected and secured from these types of threats.

Often confused with conducting a vulnerability scan or security assessment, ​penetration testing stands apart in a few critical ways.

1. Whilst regular scans and reviews can check for missing patches and security holes on the surface, a penetration test goes further. A penetration tester thinks like a real-world hacker, exploring multiple avenues of attack and replicating their approach and methods to obtain critical reporting insight, detail that a scanning tool would not be able to produce.

2. Penetration testers need to be experts in their field and have exposure to the latest tools and methodologies to be able to replicate a real-world threat effectively. To achieve this level of specialism, testers must be trained and certified to the highest standards in the industry, comparably the use of automated scanning tools does not require industry certification.

3. To be able to efficiently protect and secure your organisation and customers, you need to understand the path a potential threat could take and the overall impact it could have in order for you to make effective business decisions in the context of your information security strategy.

From start to finish, you’ll be paired with a dedicated Project Manager and Penetration Tester who will be on hand throughout the whole process should you need any support.

The process is relatively simple, we first discuss your current setup and the testing processes you have in place as well as the key motivators and considerations for getting tests completed. For example, if an employee recently fell victim to a fake email (Phishing Email) you may wish to conduct regular Social Engineering tests, such as Phishing Assessments to address the issue and ensure staff are well trained on the topic and associated reporting processes.

We then scope out final requirements and agree a project plan together, ensuring any party involved in the project is looped in and in agreement. Next, we carry out testing over the agreed period, highlighting any critical vulnerabilities we find in your infrastructure immediately. Once testing has been completed and the report has been compiled and shared, we are again on hand for any technical support you may require to digest the report and any advisories.

The final step in the process, is ensuring you’re confident in any actions you need to take in relation to the test results and best practice moving forward, sharing your website badges with you (to promote test completion) and most importantly, making sure you have been happy with the service.

Once you have approval from your organisation to carry out penetration tests, we will need to know what type of test you require, the scope of these tests (e.g. will we be testing head office and sub office’s infrastructure?), insight about your current infrastructure and setup (e.g. IP’s that will be tested) and details of any 3rd parties that need to be made aware of tests. Don’t worry if you’re not sure how to find this information though, as your dedicated project manager can help with this during your first call.

Datavax want to make information security accessible and effective for all, so to ensure we provide the most accurate and affordable price, we always ask for your specific requirements first. This typically happens on the first call with your project manager and tester, so we can ask any necessary questions to ensure we understand the requirements in detail.

The duration of a test can vary depending on a few factors, including the scope of each tests, the approach (manual Vs automated) and finally, the results. For example, if your penetration test does not identify any vulnerabilities, it will take less time overall than if we find multiple vulnerabilities that require exploitation for reporting. However we can provide clear lead times on your first call and and insight about the planned duration of the project, during kick off.

Datavax provide branded website badges indicating test completion, enabling your business to promote your information security to new and existing customers. We can also provide customer facing cover letters as proof that you have had tests completed. In some instances, our clients require a retest if vulnerabilities are found during initial tests, in order to obtain a Clean/Pass result.

Red Team (attackers) assessments are designed to test the capabilities of Blue Teams (defenders). Whereas a normal penetration test seeks to establish and test common exploitable vulnerabilities, Datavax used a Red Team approach to seek to replicate the behavior or to act in a bespoke manner similar to how a patient advanced attack or advanced persistent threat (APT) would.

By using this ethical hacking approach rather than purely scanning and automation tools, Datavax can be confident that testing replicates a real-world threat in a realistic way, as such in a Red Team approach. For example when performing Web Application Tests, Datavax testers assume a 75/25 split between manual ‘human’ testing and automated scanning tools.

Ransomware is a type of malware (software intentionally designed to cause damage) that is used to encrypt a person or company’s device and associated data. The attacker then demands a ransom in order to restore access to the device and data. Usually victims are given instructions for how to pay the ransom and obtain the decryption key to regain access and control. Once of the most recent and notable examples of a Ransomware attack was Ireland’s national healthcare provider, HSE.