As part of NHS Data Security Toolkit, Microminder recommend a penetration test is carried out at least once per year, however with costs of approximately £1-2k per test, practices have put this off. But now, with Microminder’s new offering we’ve made having a penetration test much more affordable and without compromising on quality or security.
In a time where news of data breaches are becoming “the new normal,” the need for practices to evaluate their overall risk and avoid becoming the next victim has become critical. Practices simply can’t protect themselves from risks they’re unaware of. Additionally, many practices are simply unsure where to start.
During a time where attackers are becoming more sophisticated and performing these attacks on a regular basis, it is imperative that practices establish and maintain an information security program that allows them more flexibility on when and how often they can assess their environments.
As small and mid-sized businesses (SMBs) embrace new technological developments like the rise of artificial intelligence (AI), cloud computing, and the internet of things (IoT), they often overlook the security implications of digital transformation. This leaves many practices vulnerable to cyber theft, scams, extortion, and countless other cyber crimes. As a result, two in three SMBs suffered a security breach in the last year and cyber attacks are becoming increasingly sophisticated, targeted, and damaging. With the average cost per incident exceeding £300,000 as it is, a single security breach can be detrimental to a small firm . It is, therefore, vital that SMBs begin prioritising cyber security.
We offer scheduling flexibility. Let us know what day and time you’d like us to perform your penetration test and we can get it scheduled immediately with no delays.
Notifications are always sent out when the penetration test starts and stops, keeping important individuals in the know as to when things are going on. This is also helpful in case there are some alerts that get triggered.
The data provided in the reports will always be very informative. How these risks affect your practice, where your practice stands compared to its peers, how this compares to the last assessment, etc. are all examples of data that are included in each report.
Our pricing is very competitive when compared to traditional penetration testing firms but provides a lot more value for the same or smaller price point.
Your IT team can always log into their portal to get a list of contacts involved in the project, communicate with our consultant, as well as get a progress update that provides preliminary results and expected completion dates.
Because all activities are tracked, including any manual activities conducted by a consultant, practices can download this activity log and correlate activities with their SIEM and incident response procedures. This is extremely useful in helping practices make adjustments and tweak their controls, reducing the turnaround time for detection and response.
Automatically perform egress filtering to ensure that your organization is effectively restricting unnecessary outbound traffic. Unrestricted outbound access can allow a malicious actor to exfiltrate data from your organization’s environment using traditional methods and unmonitored ports.
Upon the discovery of user account credentials, mPenTest will automatically attempt to validate those credentials and determine where they are most useful. This is a common process executed by both malicious attackers and penetration testers and is performed during privilege escalation.
Using a valid set of credentials, mPenTest will attempt to identify valuable areas within your organization. This is conducted through a variety of methods, including the use of mPenTest’s Leprechaun tool which assists in identifying where sensitive targets are.
Critical data leaving your organization is an extremely serious concern. If access to confidential and/or sensitive data can be attained, mPenTest will simulate and log this activity to help your organization tighten areas that should restrict data exfiltration.
With elevated access, mPenTest will attempt to upload malicious code into remote systems in an attempt to test the organization’s end-point anti-malware controls.
Our detailed deliverables will allow your network staff to cross reference our activities with monitoring and alerting controls.
Using a device connected to your internal environment, our consultants will discover security vulnerabilities present within the internal network environment. These activities simulate that of a malicious attacker.
Assuming the role of a malicious attacker from the public Internet, our consultants will identify security flaws within your external network environment. These flaws can include patching, configuration, and authentication issues.