CoNetrix Security is proud to introduce the launch of an updated Internal Penetration Test (IPT) Essentials service. IPT Essentials is a streamlined service designed to help organizations of all sizes identify and prioritize internal cybersecurity risks for organizations that do not yet need a full-scale internal penetration test.
Also Read:ย AppDirect Appoints Carl Emond as the General Manager of ITCloud
With experience from thousands of IT audits, penetration tests, and security assessments, CoNetrix Security has developed IPT Essentials to meet the growing demand for internal threat analysis that is both effective and budget friendly.
“We know that every organization’s security needs are different,” saidย Ed McMurray, General Manager of CoNetrix Security. “IPT Essentials is our way of offering a right-sized solution that is accessible, affordable, and still delivers the critical insights teams need to protect against internal threats.”
Two-Phase Testing for Focused Risk Mitigation Efforts
An Internal Penetration Test Essentials assessment from CoNetrix Security is performed in a two-phase approach. The vulnerability assessment phase begins with automated vulnerability scanning designed to quickly find weak links in an organization’s internal controls. Internal networks are assessed for areas such as:
Also Read:ย Cloud Hosting for Regulated Industries: Navigating Security, Sovereignty, and Scalability
- Known vulnerabilities and exposures (CVEs)
- Missing patches and updates
- Commonย misconfigurations
- Outdated software
- Poor password and user account configurations
Based on the vulnerability assessment findings from phase 1, phase 2 involves a limited penetration test performed to identify weaknesses that could be leveraged in the early stages of an attack, including:
- Credential exposure in shared files and SYSVOL
- Weaknesses inย Kerberos authentication
- Active Directoryย misconfigurations that allow privilege escalation
This two-phase assessment provides organizations with clear, actionable results by demonstrating how vulnerabilities could be exploited. Financial institutions and security-conscious organizations can use these insights to help prioritize the right security measures for reducing the risk of internal threats. The engagement provides high quality testing across the organization’s entire network and internal systems due to the efficiency of the data-gathering in phase 1 as well as demonstrating how an attacker would exploit internal systems in phase 2.
Also Read:ย Cloud Hosting for Regulated Industries: Navigating Security, Sovereignty, and Scalability
