One article recently commented that ‘the ideal Pen Tester exhibits a healthy dose of deviancy.’ On the surface that reads like a contradiction, but it’s exactly what thinkers about defence and security have always believed.
Cybersecurity is, ultimately, about people. How your people use technology and applications, how (human) hackers plot to take advantage of your (very human) weaknesses and any technical gaps in your defences.
Pen Testers exist because both people and technology are vulnerable. You can’t automate your way to total security. You need people – clever, experienced, and resourceful experts who know the technical aspects of cyber backwards and also understand how people behave in real life.
At Reliance acsn we’re proud of our team of Pen Testers. Their brilliance is what sets us apart from our competitors. Their skills, ingenuity, and ability to go to the dark side is what will help boost your cyber defences.
And, uniquely, once you’re a Reliance customer, you get to engage with them – no account manager in between.
FULLY QUALIFIED AND ACCREDITED
Trust is vital. You need to be sure that our Pen Testers are on your side and that they’re backed by strict accreditations which underpin our integrity. The Reliance brand is based on how they deploy their knowledge and expertise on behalf of our customers.
DON’T MEET THE TEAM
Our Pen Testers are great people, but we can’t identify them on our web page. They’re experts at replicating the behaviours of bad actors – without being bad themselves. Here’s just a flavour:
“I was doing a Build Review when it struck me that there were these really mundane tasks being run on a Windows 10 client at the same time each day. I mean, they look so ordinary you wouldn’t give them a second thought normally. But it’s our job to be suspicious and always have that ‘second thought’. So, I did… well, let’s say ‘a few things’… and by the next day I’d discovered it was a sneaky way to get full administrator rights which would allow a hacker to deliver a nasty pay load.”
That experience sums up our team’s expertise. They work together as well as individually. And together they provide a strong and rigorous pen testing service, something no single Pen Tester could achieve in a short space of time.
MEET THE TEAM
Reliance acsn is different because, once we work for you, our Pen Testers actually talk to you. Person to person. In confidence. That means we can tailor our services to your specific needs. We don’t just do templates. You’re part of the evolving process. There isn’t an account manager between you and them. We use automation, but don’t rely on it.
By its very nature, pen testing deals with uncertainty; you don’t know what will be found or where. That means that relying on templates to simulate attacks can only go so far. The past can often be a guide to the future when it comes to what hackers do, but the worst attacks come out of the blue. You have to think of every eventuality. And that’s best done as a team – us and you – that knows each other.
So, you will meet the team. Just not here, in public.
Hackers look for the easiest route into your organisation; it could be an unpatched system or even a Zero-Day vulnerability, but it’s most likely to be human behaviour. We test it all to find out what’s making your organisation vulnerable.
External and Internal Infrastructure Testing
Attackers seek opportunities inside and outside your organisation. Your attack surface comprises infrastructure that delivers connectivity between you and the world (via the Internet in all its forms) and how you manage data, systems, and connections within your business. We look for vulnerabilities everywhere.
Code and Build Review
It’s important to verify the security of your application source code, and then make sure that the master image that’s used to configure your servers, workstations, and other network infrastructure can’t be used to undermine your security. Both actions are vital in a world where data is becoming more dispersed across devices and systems (especially if you rely heavily on IoT, and your people work from home or on the go) security breaches can result in huge fines as well as reputational damage.
It’s important to find the things that don’t get used much (or at all) before a hacker can exploit it. So, we look to harden what you use most, and also find non-essential programs, functions, applications, ports, permissions, and access (amongst many other possible vulnerabilities) to close them down, delete them, and generally ensure every brick is where it should be in the wall.
Wireless Network Testing
A hacker is, by definition, an unauthorised user, so we look for ways to hijack your Wi-fi at the locations where you provide it for your people and visitors. It’s the most obvious way for a hacker to get through your defences. So obviously, we look for vulnerabilities.
The UK has this week announced the establishment of a National Cyber Force. Marcus Willett explains the rationale for this next step in the evolution of UK cyber.
The NCSC issued advice to the education sector at the end of last week on the growing threat from ransomware attacks targeting the sector.
You may recall in June we speculated that ransomware would be on President Biden’s agenda when he met President Putin in Geneva. We suggested that ‘the Biden administration is likely to use the opportunity to put further pressure on the Russian government to assist in closing down the criminal networks benefitting from ransomware attacks’
Identifying Windows domain system privileges is a vital task for any penetration tester but making sure you’ve captured every data point is a time consuming and difficult task for even the most experienced professional.
Contact us now on:
+44 (0)845 519 2946