Network Pentesting

About

Your corporate or office network is where the majority of your key data is stored and/or accessed from. Gone are the days when it was safe to assume that strong perimeter defences were enough to prevent attacks. It's now safest to assume that your network has been or will be compromised, and then to understand what an attacker could achieve once they have access, so that you can put adequate protections in place.

How we can help

Pākiki have extensive experience carrying out security testing within a wide variety of environments. Whether they are:

We can help identify the vulnerabilities in the environment, and will provide detailed and practical remediation advice on how to fix them.

Methodology

The methodology will differ depending on the nature of your environment, and what the objectives of the test are. However, it would be common for a network test to include:

  1. Reconnaissance: Understanding the network layout, how devices behave, and what devices can be accessed from where the consultant is located.
  2. Software/version assessment: Using automated tooling to profile the software in use, and understanding whether any of that software has known vulnerabilities.
  3. Carry out network-protocol attacks: Carefully attempt to intercept traffic, or exploit weaknesses in the protocols in use, in order to gain access to data, sessions or credentials.
  4. Target objectives: Attempt to achieve any set objectives (for example, gain access to Active Directory, a database, etc.).

The particular objectives of the engagement will be discussed during a scoping call, along with any limitations, or systems which should be explicitly in or out of scope.

What you get

At the end of the engagement, you’ll receive a written report, detailing:

Process

All of our engagements follow a similar process:

  1. We start by scoping the engagement: understanding what you're looking for, and discussing the technologies and platforms in use and any key concerns that you may have. From this, we produce a Statement of Work detailing the effort required, cost, any prerequisites, and our approach to the engagement.
  2. Once the Statement of Work is signed, we'll work with you to schedule the work.
  3. Prior to the engagement starting, we'll be in touch to organise any prerequisites we require and, where practical, will test these prior to the engagement. This will ensure the engagement commences on time.
  4. The consultant will start the engagement and will provide regular updates. You will be notified of any high or critical severity issues when they are found.
  5. At the end of testing, a report will be produced and provided.
  6. A close-out meeting is held to provide any additional context around the business impact of what we identified, and to provide a chance for any further questions on how to remediate what was found.
  7. Optionally, retesting can be carried out in order to ensure that any vulnerabilities have been successfully remediated.

Get in touch

We’d love to hear about your environment.

Contact Us