Penetration Testing provides a comprehensive review of your organisation's information security. It's a deep dive into your network's security, designed to discover areas of concern and highlight where improvements could be made in infrastructure, procedures and policies. By ethically exploiting your organisation, Chess can help find, prioritise and remediate vulnerabilities in your network.
Our specialist penetration testers use a combination of automated and advanced real-world techniques, closely aligned with the Open Source Security Testing Methodology (OSSTM), to scan your network and ensure it is as secure as possible.
Entrusting your IT systems and sensitive data to a stranger for pen testing can be a risky business. Chess is certified by The Council for Registered Ethical Security Testers (CREST), a non-profit organisation which aims to bring high quality and consistency to the global technical cyber security sector. CREST provide internationally recognised accreditations for organisations and individuals providing penetration testing services, ensuring you’re in safe hands, and that you can expect the very best from your penetration tester.
Carrying out a penetration test helps you:
- Think like the enemy — identifying vulnerabilities from the perspective of a ‘black hat’ attacker or malicious user
- Improve your business security stance, meet regulatory compliance requirements such as PCI DSS and ISO 27001, and reduce the risk of attack and data loss
- Assist with GDPR compliance
- Ensure that due care is demonstrated by your organisation and its directors
- Preserve your brand and reputation
- Gain reassurance that your people are working to best practices
- Highlight areas that can be improved using your existing security product licenses and technology to achieve return on investment
1. Scoping and Planning
Determining the reasons you need a penetration test, and documenting the process you are going to use. Understand your drivers and motivations for requiring a penetration test. Is it regulatory compliance? Or the fact that your business holds commercially sensitive intellectual property? Your motivations will influence the scope of your pen test.
Researching the network and establishing what details and data can be found. Your pen tester will review and gather information on the system or systems where entry points might exist and how they could be accessed. These will include elements such as employees, IP addresses, email addresses, websites, social media and other network-based systems.
3. Threat Assessment
Using various tools and techniques to identify potential vulnerabilities, gateways and vectors into the network. Commonly, pen testers use a mix of automated and manual tools to examine attack avenues and find network vulnerabilities.
4. Exploitation of Vulnerabilities
Attempts to penetrate the network defences and (if in scope) gain control of a target system. The aim, having first gained access to the network, is to see how far the attack can go, establishing administrative privileges where possible and then using them to effect lateral movement to other systems.
Having completed the exploitation phase, the pen tester will create a penetration test report which includes findings on the vulnerabilities discovered, the full extent of access that was gained, details of the systems that were breached, changes (if any) that could be made and a set of recommended remediation actions.
If required, your penetration tester may provide consultancy services to reduce or fix any vulnerabilities found and improve overall security. It’s also worth saying that your pen testing provider will ideally offer a social engineering test, such as a phishing exercise. The human security interface is always a difficult area because internal employees may unwittingly be duped into giving hackers security information or may click on bogus links.
Our UK-based engineers are certified to the highest standards and have proven experience in the field, including:
- CREST Approved
- Highly trained Penetration Testers (OSCP, CREST, SANS)
- Field engineers who are experienced and talk your language
- 2 levels of penetration test services to work within your budgets
- Penetration tests follow an established methodology
- Vulnerability Assessments and IT Health Checks