Internal Network Penetration Testing

Assessing an Inside Attacker’s Access

Tyler Cybersecurity’s Internal Penetration Test is designed to demonstrate what a potential attacker could access if given a device or devices connected to your organization’s internal network. Using a defined connection and scope, our experts will use a set of sophisticated attack techniques to try to gain access to your valuable systems.

This testing will allow us to:

  • Identify weaknesses in the network and system architecture.
  • Identify potential exploits and entry points into critical devices and systems.
  • Identify system- and application-specific vulnerabilities, including lax access controls.
  • Exploit identified vulnerabilities (authorization required).
  • Test the strength of existing intrusion detection and response systems.
  • Fulfill requirements of applicable regulations and compliance standards.
  • Provide recommendations for mitigating the vulnerabilities we’ve discovered.

The Tyler Cybersecurity Methodology

Tyler Cybersecurity has crafted and honed our internal penetration testing methods through years of experience performing these kinds of tests, and through attending courses and earning multiple certifications in penetration testing.  Here are our guidelines:

  • We will not test physical security controls, and will always require access to the building.
  • We conduct our testing using a combination of automated and manual tools, commercial and open source applications, and proprietary tools and testing mechanisms.
  • We will not attempt attacks known to cause a denial of service (DoS).
  • All testing is conducted by certified personnel, and we do not subcontract any part of the testing.
  • We will let you know each day by email when the testing will begin and end; you may choose to schedule testing during non-business hours.
  • At the conclusion of this testing, Tyler Cybersecurity may suggest additional testing, if warranted.

Only certified Tyler Cybersecurity personnel are authorized to conduct our testing, which we perform using commercial and open source applications both automated and manual, as well as internally developed proprietary tools and testing mechanisms. We never subcontract any part of our testing.

Reports and Recommendations

The Internal Penetration Test Report includes:

  • A summary of the findings presented in an executive report in PDF.
  • A corresponding interactive HTML report detailing vulnerabilities by severity and per device.
  • An action plan in Microsoft Word detailing our recommended remediation activities.

The Tyler Cybersecurity Lifecycle

Cybersecurity isn’t a destination.

Cybersecurity Lifecycle

There is no single, straight path that will get you to the point where you can say, “We did it! We’re 100% cyber-secure.”

A more realistic destination is cyber resiliency – the ability to prepare for and adapt to changing conditions, so you can withstand and recover rapidly from disruptions. Achieving cyber resilience depends on what we like to call the cybersecurity lifecycle – an ongoing cycle of interconnected elements that compliment and reinforce one another.

Learn More