Managed Penetration Testing

Teceze’s managed penetration testing service is an effective and economical method of determining the security of your networks and web applications, enabling your organisation to identify the best way to protect its assets. For most organisations, it can be difficult to hire and retain the specialist staff necessary to perform the recommended annual or semi-annual penetration tests.

Our expertise in complex networks and standards means we can offer a structured framework to help you achieve your development and compliance needs under one contract to meet your annual and bi-annual penetration testing requirements

MANAGE OUR SERVICES

Our Step by Step Process

Icon

Speed of implementation

Our Managed Security Firewall Service seamlessly integrates with your network and can be up running within days, not months. We deliver instant results through visibility of events and analyse on a live dashboard with in-depth reporting.

Icon

Robust reporting

Our Managed Security Firewall Service brings you comprehensive technical, operational and trend reports that communicate security status and satisfy compliance requirements.

Icon

24/7 Teceze Security Operation Centre

Our Managed Security Firewall solution allows you to be a Firewall service user, not an administrator. This means that you have access to Firewall service to view the data and run required reports whilst maintaining a certain level of privileges. The Firewall service is constantly monitored by our 24/7 Security Operations Centre where the team will carry out monitoring, management and incident response to security events and alerts

Benefits of the Managed Penetration Testing

  • Increase savings over time and insure procurement of your annual penetration testing requirements against any price fluctuations
  • Make budget planning easier with pre-scoped tests and transparent fixed pricing.
  • Maintain compliance against standards and legislation where there is an annual penetration testing requirement.
  • Save time in negotiations, hold-ups with the legal department and preparation for testing with one contract and
  • Better fit your testing requirements into the window between each development being completed and going liv​e

Our engagement process

Penetration testing programme development

  • Our CREST-accredited penetration testing consultants can help you develop your managed penetration testing requirements by developing a penetration testing programme that combines
  • level 1 penetration testing of your estate and
  • level 2 testing of your critical systems and assets to maximise value.

Scoping

Before a test, our account management team will discuss your assessment requirements for your systems, networks or applications to define the scope of the individual test.

Reconnaissance

We will attempt to gather information about your organization and how it operates. We will use automated scanning to identify potential security holes that could lead to your systems being compromised.

Assessment

We will conduct manual tests (e.g. authentication bypass, brute-force attack, public exploits) to compromise your system environment and identify attack vectors for your wider network.

Reporting

We will provide a detailed breakdown of all your results in an easily interpreted format based on the damage potential, reproducibility, exploitability, number of affected users and discoverability of each finding.

Re-test

We can provide access to our testers and the raw test data to support and expedite remediation. We can also retest your systems so that you can be sure all identified issues have been successfully resolved

Teceze Penetration Testing Services

External Network Penetration Testing

A network penetration test aims to assess your network for vulnerabilities and security issues in servers, hosts, devices and network services.

This generally includes:

  • Identifying and assessing all Internet-facing assets a criminal hacker could use as potential entry points into your network;
  • Assessing the effectiveness of your firewalls and other intrusion-prevention systems; and
  • Establishing whether an unauthorised user with the same level of access as your customers and suppliers can gain access to your systems via the external network.

Clients will receive information about the identified vulnerabilities in a format that allows them to assess their relative business risk and the cost of remediation. This information can be used to resolve the vulnerabilities in line with the network owner’s budgCliet and risk appetite.

Internal Network Penetration Testing

Internal penetration testing assesses what an insider attack could accomplish. The target is typically the same as external penetration testing, but the major differentiator is the attacker either has some sort of authorised access or is starting from a point within the internal network.

An internal network test generally:

  • Tests from the perspective of both an authenticated and non-authenticated user to assess potential exploits;
  • Assesses the vulnerabilities that exist for systems that are accessible to authorised login IDs and that reside within the network; and
  • Checks for misconfigurations that would allow employees to access information and inadvertently leak it online.

Once identified, the vulnerabilities are presented in a format that allows an organisation to assess their relative business risk and the cost of remediation. These can then be resolved in line with the network owner’s budget and risk appetite, inducing a proportionate response to cyber risks.

Web Application Penetration Testing

A web application penetration test aims to identify security issues resulting from insecure development practices in the design, coding and publishing of software or a website. This generally includes:

  • Testing user authentication to verify that accounts cannot compromise data;
  • Assessing the web applications for flaws and vulnerabilities, such as XSS (cross-site scripting);
  • Confirming the secure configuration of web browsers and identifying features that can cause vulnerabilities; and
  • Safeguarding web server security and database server security.

The vulnerabilities are presented in a format that allows an organisation to assess their relative business risk and the cost of remediation. These can then be resolved in line with the application owner’s budget and risk appetite, inducing a proportionate response to cyber risks

Phishing Penetration Testing

Teceze simulated phishing attack aims to establish whether your employees are vulnerable to phishing emails, so you can take immediate action to improve your cyber security. This service gives you an independent assessment of employee susceptibility to phishing attacks and provides a benchmark for your security awareness campaigns. After completing the simulation, the results of the test can be shared with employees. As part of this feedback, Teceze has developed an e-learning module to help your staff understand how phishing attacks work, the tactics that cyber criminals employ to lure inattentive users, and how to spot and avoid a phishing campaign

Social Engineering Penetration Testing

Educating your employees about how social engineering attacks are carried out and implementing and maintaining appropriate security controls to mitigate them, is critical. Teceze Social engineering penetration tests provide a basis on which to highlight issues with operating procedures and to develop targeted staff awareness training.

Our social engineering penetration test will help you:

  • Establish the publicly available information that an attacker could obtain about your organisation;
  • Evaluate how susceptible your employees are to social engineering attacks;
  • Determine the effectiveness of your information security policy and your cyber security controls at identifying and preventing social engineering attacks; and
  • Develop a targeted awareness training programme.

Wireless Network Penetration Testing

Wireless networks are everywhere. Employing a wireless solution can offer greater flexibility, but it comes with greater potential for the attack as it expands your organisation’s logical perimeter. From rogue access points to weak encryption algorithms, threats to wireless networks are unique and the risks can be significant. Wi-Fi can provide opportunities for attackers to infiltrate an organisation’s secured environment – irrespective of security access controls. Penetration testing can help identify weaknesses in the wireless infrastructure.

Wireless network testing generally includes:

  • Identifying Wi-Fi networks, including wireless fingerprinting, information leakage and signal leakage;
  • Determining encryption weaknesses, such as encryption cracking, wireless sniffing and session hijacking;
  • Identifying opportunities to penetrate a network by using wireless or evading WLAN access control measures; and
  • Identifying legitimate users’ identities and credentials to access otherwise private networks and services.
  • Once identified, the vulnerabilities are presented in a format that allows an organisation to assess their relative business risk and the cost of remediation. They can then be resolved in line with the network owner’s budget and risk appetite, helping them respond proportionately to cyber

The benefits of completing a wireless network penetration test

  • Get real-world insight into your vulnerabilities.
  • Detect default Wi-Fi routers.
  • Identify rogue or open access points.
  • Spot misconfigured or accidentally duplicated wireless networks.
  • Flag security vulnerabilities in Bluetooth technology.
  • Identify insecure wireless encryption standards (such as WEP)

1

Bronze

Price-TBD

ACCOUNT MANAGEMENT SERVICES

  • Dedicated Client Relationship Manager
  • Monthly meeting with Operations Manager
  • Monthly SLA report

IMPLEMENTATION SERVICES

  • Hardware Procurement and capacity planning
  • New firewall Provisioning ( 10 per an year )
  • Feature Validation for Firmware

NETWORK DEVICE ADMINISTRATION

  • Device Administration
  • Configuration changes per customer requests
  • Device Configuration backup monitor for changes
  • Change Management leveraging the customer change control process
  • Unlimited Firmware Patching Updates
  • Failover testing

24 X 7 MONITORING SERVICES

  • Network Traffic Analysis
  • Hardware Health Monitoring
  • Hardware Availability Monitoring
  • Hardware Performance Monitoring
  • Capacity Monitoring

24 X 7 SUPPORT

  • Hardware Troubleshooting
  • Hardware Replacement
  • Hardware Maintenance
  • Access to 24x7 Network Operations Center
  • Access to Customer Portal w/ Customer-defined roles
  • Ticket Response time SLA (2 Hours)

FIREWALL AUDITING

  • Quarterly review of firewall rules and configurations
  • Quarterly firewall auditing report
  • Remediation

more

2

Silver

Price-TBD

ACCOUNT MANAGEMENT SERVICES

  • Dedicated Client Relationship Manager
  • Monthly meeting with Operations Manager
  • Monthly SLA report

IMPLEMENTATION SERVICES

  • Hardware Procurement and capacity planning
  • New firewall Provisioning ( 10 per an year )
  • Feature Validation for Firmware

NETWORK DEVICE ADMINISTRATION

  • Device Administration
  • Configuration changes per customer requests
  • Device Configuration backup & monitor for changes
  • Change Management leveraging the customer change control process
  • Unlimited Firmware Patching & Updates
  • Failover testing

24 X 7 MONITORING SERVICES

  • Network Traffic Analysis
  • Hardware Health Monitoring
  • Hardware Availability Monitoring
  • Hardware Performance Monitoring
  • Capacity Monitoring

24 X 7 SUPPORT

  • Hardware Troubleshooting
  • Hardware Replacement
  • Hardware Maintenance
  • Access to 24x7 Network Operations Center
  • Access to Customer Portal w/ Customer-defined roles
  • Ticket Response time SLA (60 Mins)

FIREWALL AUDITING

  • Quarterly review of firewall rules and configurations
  • Quarterly firewall auditing report
  • Remediation

more

3

Gold

Price-TBD

ACCOUNT MANAGEMENT SERVICES

  • Dedicated Client Relationship Manager
  • Monthly meeting with Operations Manager
  • Monthly SLA report

IMPLEMENTATION SERVICES

  • Hardware Procurement and capacity planning
  • New firewall Provisioning ( 10 per an year )
  • Feature Validation for Firmware

NETWORK DEVICE ADMINISTRATION

  • Device Administration
  • Configuration changes per customer requests
  • Device Configuration backup & monitor for changes
  • Change Management leveraging the customer change control process
  • Unlimited Firmware Patching & Updates
  • Failover testing

24 X 7 MONITORING SERVICES

  • Network Traffic Analysis
  • Hardware Health Monitoring
  • Hardware Availability Monitoring
  • Hardware Performance Monitoring
  • Capacity Monitoring

24 X 7 SUPPORT

  • Hardware Troubleshooting
  • Hardware Replacement
  • Hardware Maintenance
  • Access to 24x7 Network Operations Center
  • Access to Customer Portal w/ Customer-defined roles
  • Ticket Response time SLA (30 Mins)

FIREWALL AUDITING

  • Quarterly review of firewall rules and configurations
  • Quarterly firewall auditing report
  • Remediation

more

Why Choose Teceze

Our structured and proven approach provides tangible results at a competitive price. Teceze uses a tailored approach to make sure our security testing meets the maturity and expectations of your business. Our fixed-cost packages are ideal for small and medium-sized organisations, or for those with no experience of penetration security testing. For organisations with more complex objectives, or that need a more detailed exploration of complex or sensitive environments, our technical services team can provide additional scoping support and pen testing expertise.

Our team Our technical services team includes highly skilled penetration testers who can test your system defences and websites for vulnerabilities, carry out exploits in a safe manner, and advise on appropriate mitigation measures to make sure that your systems are secure.

We hold accreditation at individual levels Our penetration tests are performed by industry-accredited security testers, who use their diverse knowledge of penetration and vulnerability testing and the associated security challenges to deliver accurate results.

Practical solutions to help you meet your legal, regulatory and contractual requirements Our expertise in standards such as the PCI-DSS, ISO 27001, the GDPR and ISO 9001 means we can offer an integrated approach and can develop suitable solutions that will help you to reduce your risks and ensure compliance with standards, frameworks, legislation and other business requirements.

Get a Quote

Number of employees in the company

Quote