Evaluate your risk from an attacker that breaches the perimeter
Internal network penetration testing focuses on identifying vulnerabilities within an organisation’s internal network, such as servers, workstations, and other connected devices. The objective is to identify security weaknesses that could be exploited by an attacker who has already gained access to the network and determine the extent of the damage that could be inflicted. During the testing process, our team will attempt to exploit any identified vulnerabilities to compromise systems and escalate network privileges. We will also assess the effectiveness of existing security controls and provide recommendations to enhance the security posture of the network.
A variation on internal network testing is an “Assumed Breach” exercise, which is a hybrid of adversarial-type testing and an internal network assessment where equivalent access to a compromised end-user device and credentials is provided. An Assumed Breach exercise typically involves avoiding detection, whereas an internal network assessment foregoes stealth in exchange for speed and coverage. Carapace offers both of these types of testing.
By conducting regular internal network penetration testing, organisations can proactively identify and address potential security threats, reduce the risk of data breaches, and better protect their critical assets from cyberattacks. Internal network testing is also an essential part of hardening your network against the techniques used by ransomware groups.