SureCloud’s internal network penetration testing focuses more on what an attacker (such as an outside threat or a disgruntled employee) may be able to perform given basic access to a corporate network. As an overview this may encompass ensuring segregation between business functions down to the technical low level of establishing whether software and services are vulnerable to attack.
Effectively the internal stage of a penetration test is structured around identifying what an attacker could exploit from within the network itself, such as if a workstation had been compromised, an attacker accessed the network physically with their own system (such as a laptop), or if there were any other way into the organisation’s network (such as from the perspective of an insecure corporate wireless network, or via the internet).
Additionally, SureCloud will also include a privileged credential scan of the target environment, with scope of both workstation and server systems, along with SCADA devices and other network-capable systems. This provides your security team with granular information relating to missing security patches, configuration issues, and other common vulnerabilities that can easily be detected when scanned with an industry-standard vulnerability discovery tools.
The output of the internal assessment is to provide security teams and management with an overview of the corporate network as a whole, along with detailed information on any paths to compromise, whether this is obtaining control over an Active Directory domain, gaining unauthorised access to a Card-Data Environment (CDE), or other sensitive business critical information and data.