Our Approach

Our cybersecurity penetration testing uses the latest tactics, techniques and procedures to emulate what attackers are doing in the real world.

Leveraging intelligence from our Managed Detection and Response (MDR) platform to identify attacks that bypass traditional security controls, we are uniquely equipped to conduct testing that other vendors cannot.

What capabilities are we testing?

Prevention
Detection
Response

What does penetration testing help you answer?

What are my most critical security gaps that could be exploited?

How would my prevention and detection capabilities stand up to the latest threat tactics?

What methods would an attacker use to bypass my security controls?

Are my IT Admins and security personnel making good choices?

If a user or system is compromised, how will the rest of the network withstand the attacker?

Methodology

1

Establish Rules of Engagement

  • Goals and objectives
  • Scope and validation of targets
  • Timelines
  • Reporting requirements
  • Personnel, roles and responsibilities
2

Remote Testing Appliance Configured and Deployed

(If Needed)

3

Execution

  1. Open Network Services Enumeration

    Interrogate available network services to determine additional information that could lead to compromise (i.e., DNS, SNMP, SMTP, Net-BIOS, etc.)
  2. Open Network Services Exploitation 

    Use information from “open network services enumeration” to attempt compromise of your network services (i.e., brute force, authentication bypass, public exploits)
  3. Post Exploitation and Movement 

    Identify compromise vectors for your wider network or domain infrastructure; techniques show the potential of initial compromise
4

Manual Verification and Prioritization

5

Reporting

  • Executive Summary
  • Summary file
  • Detailed findings

Program Deliverables

Executive Summary Report

Targeted toward a non-technical audience so they are apprised of risks and mitigation strategies as a result of the engagement, including recommendations to remedy issues or reduce risk.

Detailed Technical Report

Targeted toward technical staff and provides detailed findings and recommendations, including methodology employed, risk ratings and remediation steps.

Make the case for an eSentire penetration test

Learn about eSentire’s unique approach to penetration testing.

  • Testers leverage intelligence from our MDR platform to understand attackers’ tactics and apply them in the penetration test 
  • Testing conducted via experienced and certified professionals (CEH, OSCP, CISSP, etc.) 
  • Clear reporting with risk prioritization and detailed findings 
  • Includes detailed discussion with eSentire Advisory Services team members on findings and remediation

View Now