Defining an appropriate pen-test scope is crucial to reducing business cybersecurity risks because it ensures that all relevant aspects of the organisation’s IT infrastructure are adequately tested and assessed. Poorly scoped penetration tests often focus on the areas the IT team manages well, while missing “shadow IT”, “temporary” servers and poorly secured development environments.
A well-defined scope helps you to identify potential vulnerabilities, weaknesses, and threats, and ultimately reduce your attack surface. It also helps you do this in a way that is efficient and focussed, saving money.
Attack Surface Management
As part of every pen-testing engagement, we start with a review of open-source intelligence about your organisation’s internet attack surface using our unique CyberRisk Score. We use publicly available, open-source intelligence sources (OSINT) to discover your business’s internet-facing assets and find systems that may have previously gone undiscovered.
Through a scoping workshop, we will find out which areas of the business you have the most concerns over and where the most sensitive data lies. By combining that with our knowledge of current Threats, Tactics and Techniques, we will recommend a test scope that gives you an appropriate balance between risk reduction and cost.