How Do We Test Your Security?

If you’re running a business of any size, you will be concerned about the security of your systems and data. But as your business gets bigger and you handle more and more sensitive data, security suddenly becomes much more of a pressing issue to you and your clients. At Bridewell, we work with larger companies whose security hasn’t always grown with them, helping them identify and address weaknesses at every level.

We’re often asked how we are able to see these security issues, and what methods we use to identify and fix them. Well, in order to truly test your businesses security in detail, we need to don our “white hats” and do some hacking of our own.

Penetration Testing

Our primary security testing methodology is called a penetration test, which is also known as a pen test or ‘white hat attack’ (because the good guys are trying to break in). This means that one of our highly trained, pen testing experts will probe your business for weaknesses. This will be done using a mixture of automated testing tools and manual testing, and we vary our approach based on the client’s needs. Before the pen test, we will gather some information from you about your business, what you think are your weak points and what data you really need to protect. Our expert will then attempt to break into your business in the same way a hacker would.  Pen tests can be used to determine weak points, test your organisation’s security policy compliance, employee awareness and your ability to identify and respond to threats. Once the testing is complete, we provide a detailed report on our findings and provide advice and guidance that will help fix any weaknesses identified.

Security Hardening Configuration

Next, we have security hardening configuration, which assesses your systems against industry recognised benchmarks and best practice. Security hardening is basically the practice of securing a system by reducing its surface of vulnerability, which grows as the business does. Our security hardening configuration service is a fantastic way of generating what’s known as a ‘security baseline’ for your business, which then allows us to build a truly tailored security solution based on your requirements. We work with businesses on a one-off or an annual review basis to create these baselines, and work closely with them to strengthen their security systems moving forward. We use only recognised industry leading build standards, such as NIST and CIS Benchmarks, to provide your organisation with a security build solution perfect for you.

Vulnerability Scanning

And finally, we can also offer a less invasive vulnerability scan. This is the process of inspecting all potential points of weakness on a single computer or network as a whole to identify holes and areas of weakness. This scan is conducted by individuals with government level security clearance, and runs from end to end in the systems. A vulnerability scan detects and classifies weaknesses in computers, networks and communications equipment and predicts the effectiveness of countermeasures. It also compares details about the target attack surface to a database of information about known security holes in services and ports, anomalies in packet construction and potential paths to exploitable programs or scripts. Our scanners then compile a report of their findings, to be used in shoring up computer systems across the network.