How long would it take a hacker to access your sensitive information or sabotage your mission-critical systems? How well could you withstand a sustained cyber attack? What damage could a system compromise cause to your operations, regulatory compliance and reputation?
QinetiQ’s Security Health Check service helps customers in government, law enforcement, defence and industry answer these questions and more, by subjecting their systems, applications and networks to determined penetration testing – expertly simulating both external and internal attacks. We use the same tools and techniques as the most highly skilled adversary.
It’s a proactive process that leads to a detailed understanding of an organisation’s risk, vulnerabilities and exposure to potential hackers – a foundation for:
Reducing business and reputational risk by eliminating weaknesses
Preventing data loss, for instance through the theft of IP (Intellectual Property) or customer data
Improving security posture, and demonstrating compliance with regulatory requirements
Increasing customer confidence and building credibility.
CREST and CHECK approved
QinetiQ’s Security Health Check team is approved by the CREST and CESG CHECK certification schemes.
Tailored to the customer
All the tests we undertake are tailored to a customer’s specific requirements, take into account the risk profiles of the system and the organisation, and are scoped to provide the best value. A QinetiQ Security Health Check could include:
Infrastructure testing to ensure servers, security devices and network components are built and secured in line with best practice.
Application testing to assess the threat from authenticated and unauthenticated attackers.
Wireless testing of networks based on both 802.11 and Bluetooth.
VoIP system testing that determines how vulnerable the phone system is.
On-host auditing to assess the security posture of a particular host, whether a standard build desktop, server or infrastructure component.
Product assessments of existing and new hardware/software solutions.
Social engineering to establish how easily processes and staff can be manipulated to divulge information or perform actions which might make further attacks possible.
Cyber intelligence using our Cyveillance™ open source intelligence capability to identify and eliminate threats through continuous, comprehensive internet monitoring and sophisticated intelligence analysis.
We then generate clear, concise and timely reports that prioritise areas of technical risk and present them in an easily understandable and actionable format.
QinetiQ’s track record in the penetration testing area is second to none. We carried out our first penetration test in 1994, and have the UK’s longest established pentest team, formed in 1996. We continually conduct pentests for a wide range of clients, keeping us up-to-date with all the latest threats and vulnerabilities.