BluSkills® Security

Security Testing

BluSkills specialist teams help businesses physically test their security, so that you can ensure your security is fit for purpose. Physical penetration testing is often used by businesses and organisations who face increased levels of risk due to their industry, their operations, or their products or assets.

Physical Penetration Testing

Penetration testing allows you to test, rehearse and evidence the effectiveness of your security systems, policies and staff, ensuring that your security is fit for purpose. Testing is conducted to the capabilities of the assessed likely threat actors, with BluSkills experts conducting actions from research and reconnaissance to physical exploitation of vulnerabilities.

What is pen testing?

Pen testing, or penetration testing, is an authorised simulated attack. The term is often used in relation to the testing of cyber security. Physical penetration testing applies the same principles, but in relation to your physical security.

It is important to recognise that in a modern technological world there is some crossover, with many physical security measures being based on or using technology and/or connectivity to make them user-friendly. A good example of this might be a radio frequency identification (RFID) tag, such as the swipe card which gives you access to your offices.

In the security sphere, penetration testing forms the physical part of red teaming: the simulated attack of all security, both physical and cyber/information.

Do I need physical penetration testing?

Testing is a key and often overlooked tool in your security scheme. Security policies, security systems and personnel will be introduced and deployed. They will appear to work, but short of an attempt or incident, how do you know they are really fit for purpose?

This is where testing comes in, allowing you to check, refine and ensure your security has the effect you desire. Typically, individuals at higher risk, or businesses whose reputations and success are based on the strength of their security and reputation, will invest in this service, but at all levels and degrees of testing there is benefit to be had from employing this service.

What is involved in pen testing?

Pen testing is conducted to the specified skill levels of identified or perceived threats. What does this mean? If you or your business has not conducted a risk assessment and identified likely threat actors, you should do so, and our consultants can help you do this.

Identifying likely risk actors enables you and us to better anticipate the skill levels, resources and lengths that threat actors will go to in breaching your security, or even their likely methods of doing so. You then develop the test around these threat actor strengths. For example, if the most likely threat actor is an organised criminal, it is unlikely that they will have the same skills or resources as a state-sponsored actor.

As part of the process, specialists will conduct detailed research, gather large amounts of information, identify or engineer vulnerabilities and, if requested, exploit those vulnerabilities.

Detailed evidence of findings and actions is gathered and is briefed back to the client in a formal document and in person through a back brief with key stakeholders. This helps the client to fully understand the vulnerabilities which were identified, the actions taken to exploit these vulnerabilities and the risks associated.

Consultation can then be conducted to assist in treating the vulnerabilities and risks identified along with an action plan.

Who will carry out my pen test?

This is a specialist service which, depending on the identified or perceived threat level, often requires a variety of niche skills and equipment. This means that this is a team task, with specialists moving in and out of the team at various stages.

BluSkills partner with experts and specialists who dedicate themselves to this trade and have a demonstrable background of successfully conducting pen testing to the highest standards.

How long does it take?

There is no standard timeframe for conducting physical pen testing. The period required to gather enough information to act on is often weeks, not days, and depending on the difficulty can be longer, with phases of the service split over periods of time. There are methods which can shorten the timeframe of the process, and targeting specific areas and having clear objectives can again reduce the time required.

If you have ever wondered if your security is effective, then you can benefit from the peace of mind physical penetration testing can bring. Get in touch with us today to speak with one of our experts to find out more.