Penetration Testing and Active Security Risk Service

Most penetration testing is disproportionately focused on testing an organisation’s defensive capabilities. Counterhack aims to go beyond that by also looking at your capability to detect and manage security incidents.

A key component of any assurance program is regular testing for security vulnerabilities that may be a vector for an infosec breach. Security Testing should be an integral part of every business IT system’s release cycle.

Penetration testing provides management with an independent assessment of infosec risk by identifying vulnerabilities in IT deployments through active cyber exploitation. Penetration testing can be conducted on various components of the network, internally or externally.

In parallel with the penetration tests, we can review the ability of your existing systems to detect these attempted intrusions, and the preparedness of your security team to respond to them.

We also have experience in desktop cyber-simulations to exercise and test the security response function. This is most effective when the exercise is broadened to include business managers who would be asked to make timely risk-based decisions in the event of a real breach.

Our security reports will provide you with actionable, risk-based recommendations to address control gaps, so that you can have the right balance in place between deterring, detecting and responding to cyber security threats.

Counterhack personnel have experience in conducting penetration tests on:

  • Networks
  • Applications
  • Web sites
  • Kiosks and end user devices
  • Operational technology