Malware. Ransomware. Social engineering schemes. Brute force attacks. How confident are you that your protective measures are effective against current and emerging cyberattacks?
Independent penetration testing is the ultimate gauge of cyber defense effectiveness. Kroll’s CREST-certified experts have unique insights into the cyber risk landscape, including the tactics, techniques and procedures (TTPs) attackers typically deploy to gain access to digital assets.
Using real-world hacker techniques, we simulate attacks on your organization to identify gaps in your security. Common targets include the internet perimeter, internal and external network infrastructure, websites, databases, applications, and even your employees.
Don’t assume a crack is too small to be noticed, or too small to be exploited. If you do a penetration test of your network and 97 things pass the test but three esoteric things fail, don’t think they don’t matter.
Our five-phase approach incorporates two powerful sources of insight: the front-line experience of our global team of preeminent cyber investigators and the real-time threats gleaned from sophisticated technology resources, including our patent-protected dark web tools. For organizations whose cyber maturity is advanced, we can also provide red teaming exercises (on a onetime or periodic basis) that focus on specific objectives and scenarios provided by your team.
At the conclusion of our penetration testing, we provide substantive evidence of our findings and can recommend countermeasures to reduce your risk.
Kroll’s Five-phase Penetration Testing Approach
- Project Initiation
Our experts work with your team to develop goals and objectives with a focus on high-value assets.
- Information and Intelligence Gathering
Using reconnaissance techniques, we collect and examine publicly available information about your company and employees to identify potential attack vectors. Our extensive review
includes examining public websites, social media, domain registries and dark web data.
- Threat Modeling Exercise
Kroll experts analyze the reconnaissance information, identify potential attack vectors and develop a plan of attack for testing.
- Attack Execution
We attempt to access your organization’s environment using methods employed by real-life adversaries. The attack will target your IT infrastructure, websites, applications and employees.
- Reporting and Consultancy
Our final report summarizes our actions during testing, details any weaknesses we identified and includes remediation guidance to reduce the risk of compromise by a real-life adversary.
- Named the Best Cyber Security Consultancy by the National Law Journal for the past four years. Kroll has assembled an exceptional team with a proven track record in penetration testing services.
- Senior team members have each spent decades working in cybersecurity, and our award-winning penetration testers are certified to some of the highest global industry standards, including CHECK, CREST (CCT/CRT), and SANS (GIAC).
- Our testers have diverse backgrounds in information technology, application development and cyber investigations. This experience enables them to anticipate evolving and emerging cyber threats for our clients across industries and jurisdictions.
Comprehensive Related Services
- Network Penetration Testing – External and Internal
- Application Penetration Testing – External and Internal
- Web Application Penetration Testing
- IoT Device Penetration Testing
- Dark Web Risk Exposure
- Social Engineering Exercises
- Red/Blue Team Exercises
- Due Diligence Assessments
Baseline Assessment Including Pen Testing – Multidivisional Professional Services Company
An international, multidivisional professional services company was looking for a baseline assessment to prepare for ISO27001 certification. Kroll conducted an assessment that included external and internal vulnerability assessments and penetration testing. Kroll was able to present the client with a detailed report that described its level of maturity as assessed against the ISO27001 control objectives, and included recommendations for improvement.
To validate your confidence in your current measures and learn where to focus resources moving forward, contact one of our testing experts today.
CREST has accredited Kroll as a global Penetration Testing provider.
End-to-end cyber security services provided by unrivaled experts.Cyber Risk
Remediate and Restore
Call center and breach notification services across a myriad of industries and geographies.Remediate and Restore
Investigate and Respond
Identify vulnerabilities, intrusions and data ex-filtrations and provide recommended solutions.Investigate and Respond
Prepare and Prevent
Internal and external assessments to evaluate clients' systems, applications, and facilities.Prepare and Prevent
Kroll Nominated for 2019 FT Intelligent Business Award in Cyber Security
Michael Quinn Talks to Global Finance about Corporate Hacking and Response Plans