Our focus is to deliver the highest quality services, helping our customers achieve their goals

Network Penetration Testing

Which Penetration Test is Right for You? Penetration Testing can include so many different elements, that the first challenge is first deciding what tests should be commissioned.

For companies conducting regular tests who wish to gain a greater understanding of Penetration Testing, and how to engage with security suppliers, we recommend our one day Security Management course.

Matta has advisors, which can help you scope the requirements based on your objectives, budget and timescale. In a perfect world all the requirements can be met with the existing budget you had in mind. If this is not possible, however, we can suggest ways to gain the most benefit, and prioritise activities.

External Penetration Test Conducting a penetration test on the public facing network is something most companies should consider doing at least annually. Apart from the obvious reasons of good compliance, it is important to supplement any VA work you may be doing with a full consultant based Penetration Test to ensure that your network is truly as robust as you think it may be from an attacker.

A consultant Penetration Test conducted by professionals may find issues that an automated test will miss. Although more expensive than an automated scan, the customer will have a high degree of confidence in the security of their network from a real attacker.

Penetration Tests on your external infrastructure give the following benefits:

Host discovery determines your 'footprint' on the Internet
Comprehensive testing of all hosts on your DMZ
Meet compliance requirements
Identify common and less common misconfigured services, such as SSL certificates, and VPN's
Identify out of date software that needs to be patched
Validate your actual firewall rules vs. what they should be
Identify rogue services, such as 'handy', but insecure developer portals

Additionally, Matta will scan the clients IP range to discover or validate the known hosts, and will conduct a number of 'open source' tests looking for information about the company a hacker would find useful.
Internal Penetration Test Conducting Internal Penetration Tests has rapidly become a critical part of the Security Managers requirement. For good reason too, as anyone who has had to face questions from their board after an incident, can testify. The business drivers for internal network tests include:

Ensuring access to sensitive data is restricted to authorised parties
Validating the network's resilience to worm or virus propagation
Securing third party links, and ensuring they have access to only the services they are authorised to access
Compliance Requirement

Internal network tests can be conducted to varying degrees of detail, and focus on different 'Attack Vectors'. An Attack Vector is simply a way in which we think an attacker might attempt a compromise. For example, using SQL querying tools to access a database in an un-authorised manner is an attack vector if your concern is ensuring confidentiality on your database.

Back to services

What people say about us

Matta understands my business, and they take the time to explain and demonstrate any findings, so I understand the impact both from a technical perspective and in a business context. I see them as adding true value to my operations, and recommend them whole-heartedly.

Republic Bank

I'd like to just say how impressed by your representative we were. He was very knowledgeable about wireless and network security and filled us with confidence. We were also pleased that when he'd done all he could on the wireless, he actively sought out other ways to improve our security of our wired network.

St Clements

I would like to say big thank you for all your input. Both, the audit and our security policy review have been very useful and will allow us to address the issues accordingly.

If required I would be very happy to use your services in the future.

National Centre for Languages

Vulnerability Assessment
Vulnerability Assessment