• Rory O'Reilly Operations Director

    Rory joined Synergy in July 1994, he has since played a vital role in the development of the overall business and is a key leader of the teams responsible for achieving .... Read more

Penetration Testing

Synergy Security Solutions Security Solutions understands that security is about more than just controls.

This is why our Penetration Testers are also trained in Social Engineering and special attack and deception techniques. We will employ the same methods that malicious actors would use against your organisation. For example, methods use such as force on force, dumpster diving, lock picking, social engineering, physical access compromise and 'simulated sabotage' would be utilised. While these techniques may seem extreme, it is important to remember: "Bad guys don't follow rules, and they don't play nice."

Before we test your organisation, we provide you with a fully documented test plan and work with you to find an acceptable level of exploitation, and define Rules of Engagement for the operation. We will notify you immediately if the test results include any critical security flaws or any other event that would require emergency intervention for your organization. After completion of the Penetration Test, our security experts will report the findings to management and security personnel, illustrating the techniques, analysis, and results of the assessment. The report covers:

  • Executive summary
  • Technical vulnerability report
  • Design weaknesses
  • Process and Procedural weaknesses
  • Physical, Electronic and Cyber Weaknesses
  • Personnel and training weaknesses
  • Other security weaknesses
  • Recommended mitigation/remediation measures
  • Other recommended actions on maintaining a secure environment

The ever-increasing volume, complexity and sophistication of attacks on organisations require that you maintain constant vigilance in all aspects of threat protection. We work with you to determine the appropriate frequency for penetration testing to ensure that your organization and its personnel are protected from new sources and types of malicious attacks.

NOTE: The goal of a Penetration Test is to break into an organization and determine how to prevent future intrusions. To do so, Synergy Security Solutions security experts must necessarily pose temporarily as bad actors. Truly bad actors are not constrained by client requirements, operational issues or proper authorisation. While Synergy Security Solutions takes careful measures to avoid any negative impact while posing as bad actors, as the attack techniques necessarily become more direct, and the risk of negative impact rises. Another way of viewing the process is thus:

Synergy Security Solutions Client Risk
Cooperative Cooperative Low
Cooperative Hostile  
Hostile Cooperative  
Hostile Hostile High

 

The vast majority of Physical Security Posture Assessments fall into the top category, Cooperative-Cooperative, with some elements of Cooperative-Hostile. Penetration Testing normally falls into the bottom two categories, where Synergy Security Solutions assumes a hostile posture and utilises a larger and more ‘unfriendly’ set of methods. Some of the techniques utilised by Synergy Security Solutions are Force on Force exercises, electronic systems manipulation, IED/VBED infiltration tests, social engineering and spear-phishing, infiltration and tail gating activities, identification forging, active eavesdropping, and other advanced adversary activities. These practices carry an element of risk which may not be suitable for certain organizations, in which case we recommend a Security Posture Assessment using industry-standard auditing and assessment methods as an alternative.

  • Print