Our Network Penetration Testing services are offered at three adjustable levels to help meet the unique cost and capability requirements of each customer. All three levels of service include free retesting, free vulnerability scanning and a possible certificate of security depending on the final results of the test. Tests can be carried out from an Internal or External perspective and can include but are not limited to Web Applications, APIs, WiFi, Physical Security Testing and more. All findings are added to a technically detailed report that can be customized to meet specific customer requirements. All reports contain a global security score, executive summary, and technical details accompanied by methods of remediation.View Service Levels
Silver level Network Penetration Testing produces a level of threat consistent with the industry standard. At this level testing begins by running one or more automated vulnerability scanners against the in-scope targets. When the scans are complete the results are reviewed, and any identified vulnerabilities are confirmed through active exploitation. This level of service is ideal for clients looking to receive a low-cost test that will satisfy some security requirements.
Gold level Network Penetration Testing produces a level of threat that is substantially greater than the industry standard. This level of service uses Real Time Dynamic Testing™, an advanced research-based methodology that incorporates over 20 years of 0-day vulnerability research and exploit development experience. The Gold level specifically tests network connected devices such as servers, desktops, web applications, etc. This service aims to test customers at a level of threat that is at least realistic from a technological perspective. The Gold level of service offers a limited set of Threat Augmentation Modules (“TAMS”) such as statistical spear phishing and distributed metastasis (aka pivoting).
Platinum level Network Penetration Tests produce a level of threat specifically designed to match the capabilities of real-world threat actors. That threat can range from basic (script kid) to highly advanced (nation state). At this threat level a wider variety of TAMS are available which include Advanced Social Engineering, Advanced Physical Security Testing, Stealth / Evasive Testing, 0-Day malware (its safe, we made it), the deployment of clone networks, distributed attacks, distributed scanning, covert distributed metastasis, the creation and deployment of weaponized hardware (see our PRION mouse), and much more. This service level also uses Real Time Dynamic Testing™ and can be delivered with or without the use of automated vulnerability scanners. When operating at the Platinum level of service in an unrestricted capacity we maintain a 98.6% success rate at domain compromise from the vantage point of an unauthenticated external threat.
Quality Network Penetration Testing
To be effective a penetration test must produce a level of threat that at least matches that which is likely to be experienced in a real-world scenario. Testing at less than realistic levels of threat provides little to no protective benefit and can promote false sense of security. Netragard measures the quality of a penetration test, in large part, through a comparison of its capabilities to those of real-world threat actors. If the test fails to produce the same level of threat and coverage as real-world threat actors, then the test is considered lower quality. If a test matches or exceeds the capabilities of real-world threat actors, then the test is considered higher quality.