Penetration Testing

Learn exactly how vulnerable your most critical assets are to cyber attacks

Organizations do all they can to protect their critical cyber assets, but they don’t always systematically test their defenses. Penetration Testing from Mandiant Consulting helps you strengthen your security for those assets by pinpointing vulnerabilities and misconfigurations in your security systems.


Overview

To provide this service, Mandiant security experts simulate the tactics, techniques and procedures (TTPs) of real-world attackers targeting your high-risk cyber assets. Our deep knowledge of advanced persistent threat (APT) attacker behavior can help you:

  • Determine whether your critical data is actually at risk
  • Identify and mitigate complex security vulnerabilities before an attacker exploits them
  • Gain insight into attacker motivations and targets
  • Get quantitative results that help measure the risk associated with your critical assets
  • Identify and mitigate vulnerabilities and misconfigurations that could lead to strategic compromise

What you get

  • High-level executive summary report
  • Technical documentation that allows you to recreate our findings
  • Fact-based risk analysis to validate results
  • Tactical recommendations for immediate improvement
  • Strategic recommendations for longer-term improvement

M-Trends 2017: Trends behind today’s breaches and cyber attacks

Explore the trends that define today’s threat landscape based on Mandiant’s investigation of the year’s successful breaches and cyber attacks.


M-Trends 2017 Infographic

Explore the trends and get statistics based on Mandiant’s investigation of the year’s successful breaches and cyber attacks across the globe.


Real attacks. Real learning. Real refinement.

Penetration tests conducted by Mandiant Consultants are customized to your environment; no two assessments are ever the same. A wide variety of penetration testing options are available, with each option providing information that can dramatically improve security in your organization.

External Penetration Tests
  • Objective: Identify and exploit vulnerabilities on systems, services and applications exposed to the Internet
  • Benefit: Understand risk to assets exposed to the Internet

Internal Penetration Tests
  • Objective: Emulate a malicious insider or an attacker that has gained access to an end user's system, including escalating privileges, installing custom-crafted malware and/or exfiltrating faux critical data
  • Benefit: Understand risk to business from a breach

Web Application Assessments
  • Objective: Comprehensively assess web or mobile applications for vulnerabilities that can lead to unauthorized access or data exposure
  • Benefit: Understand the security of applications that broker access to critical data

Mobile Application Assessments
  • Objective: Comprehensively assess the security of mobile devices and installed applications
  • Benefit: Understand risk introduced to your organization through newly developed mobile applications or company-issued cell phones

Social Engineering
  • Objective: Assess security awareness and general security controls with respect to human manipulation, including email, phone calls, media drops, and physical access
  • Benefit: Understand how your organization reacts to exploitation of human beings

Wireless Technology Assessments
  • Objective: Assess the security of your deployed wireless solution, be it 802.x, Bluetooth, Zigbee, or others
  • Benefit: Understand how secure your data in transit and systems communicating via wireless technology actually are

Embedded Device and Internet of Things (IoT) Assessments
  • Objective: Assess the security of your device by attempting to exploit the embedded firmware, control the device by passing or injecting unsolicited malicious commands, or modify data sent from the device
  • Benefit: Understand the security of your device and your ability to guarantee that the commands issued to and information received from it are legitimate

ICS Penetration
  • Objective: Combine penetration testing and exploitation experience with ICS expert knowledge to prove the extent an attacker can access, exploit or otherwise manipulate critical ICS/SCADA systems
  • Benefit: Understand the vulnerabilities in your ICS system before an attacker exploits them

Our Approach

The penetration testing service applies a systematic approach to uncovering vulnerabilities that leave your critical assets at risk. It consists of four steps: target reconnaissance, vulnerability enumeration, vulnerability exploitation and mission accomplishment.

In target reconnaissance, Mandiant consultants gather information about your environment, including company systems, usernames, group memberships and applications.

For vulnerability enumeration, Mandiant security professionals seek to identify your exploitable vulnerabilities and determine the best way to take advantage of them.

In vulnerability exploitation, penetration testers attempt to realistically exploit the identified vulnerabilities using a combination of publicly available exploit code, commercial penetration testing tools and customized exploit code and tools.

Finally, we arrive at mission accomplishment, which may be in the form of Mandiant experts gaining access to your internal environment via the Internet, stealing data from segmented environments or subverting a device with malicious commands.