Perform internal assessments remotely without the need for an onsite engineer utilising SecureGateway which is delivered as either an appliance or downloadable VMWare image
EnquireA Penetration Testing methodology is the organisation and execution of an assessment – in basic terms it is the process of testing.
Methodologies exist to identify security vulnerabilities. Vulnerabilities can be present on many different platforms, so different assessment types exist to assess the different environments. Assessment can range from, security audits, dynamic analysis, web application assessment, infrastructure assessment, cloud assessment and many more.
In order to facilitate a cybersecurity service for these situations, Pentest People have developed a solution that provides the same level of internal access without the need to have a consultant on the client site to perform the required assessment. This solution is called SecureGateway and this can be delivered either as a standalone appliance or a downloadable VMWare image.
The SecureGateway appliance is a small but powerful remote access server that allows Pentest People consultants to perform their security assessment remotely. Its small form factor is convenient for transportation to client locations, and its automated processes do not require any configuration by the client. All that is required is a standard 10/100/1000 Ethernet port and a DHCP server to allocate an IP address.
Evolving Testing With SecureGateway
Internal Infrastructure Assessments, including IT Health Checks, are a perfect candidate for SecureGateway.
These types of tests traditionally rely upon an engineer being onsite at the client’s location for the duration of the assessment.
In an Internal Infrastructure Assessment, SecureGateway provides the Pentest People consultant with an in-band secure network connection that provides the same security toolset required to perform the assessment that the consultant would normally bring to site with their laptop.
This allows the consultant to perform the infrastructure assessment as if they were sat within the client’s location and connected to the client’s network.
Web Application Assessments are usually performed externally, however, we do also perform assessments on applications that are internal within an organisation.
In these cases we usually have to send a Web Application Security Consultant to a client’s site where the application is tested from within the client’s network.
SecureGateway can be used by a client to provide a secure in-band connection for the Pentest People consultant.
With this connection, the consultant can configure a secure proxy so that all of the Penetration Testing can be performed from a remote location as if the consultant was physically connected to the client’s network.
There are many advantages to using Pentest People’s SecureGateway.
Remote working is still highly preferred. Not only this, but remote testing opens doors for international businesses and offices with strict on-site policies.
By utilising SecureGateway, Pentest People can still perform an Internal Penetration Testing Assessment without requiring a consultant to be onsite.
Using SecureGateway can reduce the cost of an engagement as there are no travel expenses incurred by Pentest People which would be recharged to the client.
SecureGateway also brings efficiencies in time-saving due to travel and clients are paying purely for testing time rather than consultant travel time.
FAQs
If you have an existing VMWare server infrastructure that can provide the required network visibility to the devices being tested, then it is easier to utilise the VMWare image as this can be downloaded over a secure one time link and then up and running within your infrastructure very quickly. If you do not have a VMWare server or the server is in a protected network segment than the use of the standalone network application would be recommended.
An assessment performed utilising SecureGateway does not differ from one where the consultant is onsite at the client's location. The consultant's toolset is identical and the methodology is common across both assessment types. The service and deliverables from the assessment will be to the exact same standard and procedure as a service in which the consultant comes to your company's premises.
When using SecureGateway, all of the data is stored at the Pentest People ISO27001 compliant Security Operations Centre where it is analysed and then uploaded to SecurePortal in the same way as it is when performed manually by a consultant. There is no further risk to the client's data by using SecureGateway.