Keep Your Perimeter Secure
Bishop Fox's External Penetration Testing goes beyond the rigidity of “check the box” approaches by delivering deep attack surface insights and identification of dangerous exposures that help you keep attackers on the outside looking in.
CHALLENGE "CHECK THE BOX"
Bishop Fox’s External Penetration Testing combines proven methodologies, powerful technology, and decades of testing experience to ensure you have a thorough understanding of your external security risks. Starting with deep reconnaissance, our highly experienced experts leverage automated and manual discovery techniques, including collection of open-source intelligence and analysis of assets affected by the latest emerging threats, to paint a clear picture of what an attacker can see across your perimeter.
Applying the latest TTPs and attacker ingenuity, targeted assets are subjected to the same exposure identification processes observed in real-world attack scenarios. This process ensures the full spectrum of vulnerabilities and defensive gaps is illuminated, including their severity, likelihood to be exploited, and potential impact.
Taking perimeter testing to the next level, we put you in the driver’s seat to adapt engagements to worrisome scenarios and extend assessment to assets outside the scope of traditional testing, such as cloud infrastructure and publicly accessible web applications. In addition, you’ll have the opportunity to see how deep the rabbit hole goes with the option to execute post-exploitation activities that illuminate internal pathways, systems, and data at risk.
Finally, we’ll arm your security team with actionable deliverables including detailed walk-throughs of findings, impact and severity determination, and prescriptive remediation guidance that puts your security team in the best position to defend forward and reduce risk.
EXTERNAL ATTACKER EMULATION
Bishop Fox’s External Penetration Testing leaves nothing to chance by emulating the skill and precision of targeted adversaries, resulting in complete discovery of defensive gaps including likelihood of exploitation and business impact determination.
Deep Attack Reconnaissance
Recreates the information gathering techniques of skilled attackers such as active scanning, searching of open and closed databases, and gathering of business, host, victim, and network information.
Best-of-Breed Discovery Technology
Uses a combination of open-source, commercial, and Bishop Fox-developed technology enabling network discovery, enumeration, and vulnerability scanning at scale.
Emerging Threat Emphasis
Accounts for recency bias, placing higher prioritization on discovering the presence of assets susceptible to major news-making “zero day” vulnerabilities.
Skilled Attacker Emulation
Applies extensive domain experience from Bishop Fox’s highly certified and accomplished network security experts ensuring your perimeter faces the latest tactics, techniques, and procedures observed in the wild.
Exploit Likelihood Analysis
Calculates the probability of exploitation based on numerous contributing factors including nature of the vulnerability, capabilities and motivations of potential threat sources, and your existing security controls.
Impact and Severity Determination
Classifies the severity of vulnerabilities based on their potential to impact internal assets, critical systems, and sensitive data during post-exploitation activities.
Business Objectives and Risk Profile Accountability
Aligns engagements to organizational and stakeholder goals focusing testing on assets that present potential business risk.
Coverage of Cloud Infrastructure and External Web Applications
Extends testing to public cloud storage services (e.g., AWS S3) and peripheral web apps, providing additional value compared to common testing approaches.
Optional Post-Exploitation Execution
Gives you the flexibility to demonstrate how a skilled adversary could leverage discovered vulnerabilities to gain a foothold in your environment including post-exploitation systems, pathways, and data at risk.
Detailed Executive and Technical Findings
Supplies technical and executive level reporting covering stages of the assessment including reconnaissance, resource development, and execution of tactics, techniques, and procedures used to compromise perimeter assets.
Interactive Support for Inquiries and Adjustments
Conducts a detailed walk-through of findings, with a live question and answer session, ensuring all stakeholders understand perimeter strengths, risks, and recommendations.
Targeted Remediation
Provides prescriptive guidance that increases the efficacy of security investments including prioritized remediation of susceptible assets based on likelihood of exploitation and business impact.
The best testing in the world means nothing if you can’t apply the results. Our transparent post-engagement guidance includes detailed walkthroughs of reconnaissance actions, executed TTPs, defensive gaps, and prescriptive actions that are crucial to fortifying susceptible assets and paving a path to a heightened state of perimeter resiliency.
KEY BENEFITS
ATTACK SURFACE VISIBILITY
Adversaries are opportunistic with plenty of options to get behind your defenses. We’ll determine which assets are most prone to attack.
DEFENSIVE MEASUREMENT
Knowing your attack surface is only half the battle. We’ll uncover at-risk assets skilled adversaries are most likely to target.
EMERGING THREAT IDENTIFICATION
Attackers and executives have something in common - an interest in newsworthy threats. We’ll determine if your perimeter assets are at risk.
COMPLETE ENGAGEMENT CONTROL
No two perimeters are the same. We adapt testing to meet your organization’s requirements and unique attributes.
DEMONSTRATED DUE DILIGENCE
Regulators, insurance providers, partners – they want your commitment to security. We’ll make sure you meet the highest standards.
A CLEAR PATH TO FORWARD DEFENSE
Testing is useless without the ability to act. We’ll arm your team with everything they need to keep attackers on the outside looking in.
FEATURED CUSTOMER STORY
“The Bishop Fox team has been a great partner for us. We’ve been able to utilize their high-caliber skill set to add to the capabilities of our comprehensive security program.”
Matt Thoreson
Senior Security Consultant
Matt Thoreson (OSCP, CISSP) is a Managing Senior Consultant at Bishop Fox and leads the External Penetration Testing service. His primary focuses are penetration testing external and internal networks. Matt also has extensive experience in red teaming, social engineering, and mobile application testing.
He has advised Fortune 500 brands and startups in industries such as technology, healthcare, energy, finance, and retail. His professional achievements include leading a red teaming engagement for a state-wide energy provider, performing black-box testing for a multi-national energy company, and creating and operating a threat analysis project for a regional university consortium.
Matt holds multiple industry certifications and continues to contribute to the cybersecurity community through his expertise in network security assessment and advanced penetration testing methodologies.
Whether you know exactly which services you need or want help in figuring out what solution is best for you, we can help.