GigaOm Radar for Attack Surface Management: Bishop Fox Named "Leader" and "Fast Mover". Read the report to learn why ›
Bishop Fox's External Penetration Testing goes beyond the rigidity of “check the box” approaches by delivering deep attack surface insights and identification of dangerous exposures that help you keep attackers on the outside looking in.
Bishop Fox’s External Penetration Testing combines proven methodologies, powerful technology, and decades of testing experience to ensure you have a thorough understanding of your external security risks. Starting with deep reconnaissance, our highly experienced experts leverage automated and manual discovery techniques, including collection of open-source intelligence and analysis of assets affected by the latest emerging threats, to paint a clear picture of what an attacker can see across your perimeter. Applying the latest TTPs and attacker ingenuity, targeted assets are subjected to the same exposure identification processes observed in real-world attack scenarios. This process ensures the full spectrum of vulnerabilities and defensive gaps are illuminated, including their severity, likelihood to be exploited, and potential impact.
Taking perimeter testing to the next level, we put you in the driver’s seat to adapt engagements to worrisome scenarios and extend assessment to assets outside the scope of traditional testing, such as cloud infrastructure and publicly accessible web applications. In addition, you’ll have the opportunity to see how deep the rabbit hole goes with the option to execute post-exploitation activities that illuminate internal pathways, systems, and data at risk.
Finally, we’ll arm your security team with actionable deliverables including detailed walk-throughs of findings, impact and severity determination, and prescriptive remediation guidance that puts your security team in the best position to defend forward and reduce risk.
Bishop Fox’s External Penetration Testing leaves nothing to chance by emulating the skill and precision of targeted adversaries, resulting in complete discovery of defensive gaps including likelihood of exploitation and business impact determination.
Deep Attack Reconnaissance
Recreates the information gathering techniques of skilled attackers such as active scanning, searching of open and closed databases, and gathering of business, host, victim, and network information.
Best-of-Breed Discovery Technology
Uses a combination of open-source, commercial, and Bishop Fox-developed technology enabling network discovery, enumeration, and vulnerability scanning at scale.
Emerging Threat Emphasis
Accounts for recency bias, placing higher prioritization on discovering the presence of assets susceptible to major news-making “zero day” vulnerabilities.
Skilled Attacker Emulation
Applies extensive domain experience from Bishop Fox’s highly certified and accomplished network security experts ensuring your perimeter faces the latest tactics, techniques, and procedures observed in the wild.
Exploit Likelihood Analysis
Calculates the probability of exploitation based on numerous contributing factors including nature of the vulnerability, capabilities and motivations of potential threat sources, and your existing security controls.
Impact and Severity Determination
Classifies the severity of vulnerabilities based on their potential to impact internal assets, critical systems, and sensitive data during post-exploitation activities.
Business Objectives and Risk Profile Accountability
Aligns engagements to organizational and stakeholder goals focusing testing on assets that present potential business risk.
Coverage of Cloud Infrastructure and External Web Applications
Extends testing to public cloud storage services (i.e. AWS S3) and peripheral web apps providing additional value compared to common testing approaches.
Optional Post-Exploitation Execution
Gives you the flexibility to demonstrate how a skilled adversary could leverage discovered vulnerabilities to gain a foothold in your environment including post-exploitation systems, pathways, and data at risk.
Detailed Executive and Technical Findings
Supplies technical and executive level reporting covering stages of the assessment including reconnaissance, resource development, and execution of tactics, techniques, and procedures used to compromise perimeter assets.
Interactive Support for Inquiries and Adjustments
Conducts a detailed walk-through of findings, with a live question and answer session, ensuring all stakeholders understand perimeter strengths, risks, and recommendations.
Provides prescriptive guidance that increases the efficacy of security investments including prioritized remediation of susceptible assets based on likelihood of exploitation and business impact.
The best testing in the world means nothing if you can’t apply the results. Our transparent post-engagement guidance includes detailed walkthroughs of reconnaissance actions, executed TTPs, defensive gaps, and prescriptive actions that are crucial to fortifying susceptible assets and paving a path to a heightened state of perimeter resiliency.
Adversaries are opportunistic with plenty of options to get behind your defenses. We’ll determine which assets are most prone to attack.
Knowing your attack surface is only half the battle. We’ll uncover at-risk assets skilled adversaries are most likely to target.
Attackers and executives have something in common - an interest in newsworthy threats. We’ll determine if your perimeter assets are at risk.
No two perimeters are the same. We adapt testing to meet your organization’s requirements and unique attributes.
Regulators, insurance providers, partners – they want your commitment to security. We’ll make sure you meet the highest standards.
Testing is useless without the ability to act. We’ll arm your team with everything they need to keep attackers on the outside looking in.
Bishop Fox’s external penetration testing methodology identifies security vulnerabilities by simulating the real-world threat of an attacker attempting to exploit target networks and applications. These zero-, partial-, or full-knowledge assessments begin with the discovery of externally identifiable systems and the footprinting of designated networks and applications.
Senior Security Consultant
Matt Thoreson (OSCP, CISSP) is a Senior Consultant at Bishop Fox and leads the External Penetration Testing service, His primary focuses are penetration testing external and internal networks. Matt also has extensive experience in red teaming, social engineering, and mobile application testing. He has advised Fortune 500 brands and startups in industries such as technology, healthcare, energy, finance, and retail. His professional achievements include leading a red teaming engagement for a state-wide energy provider, performing black-box testing for a multi-national energy company, and creating and operating a threat analysis project for a regional university consortium.
Whether you know exactly which services you need or want help in figuring out what solution is best for you, we can help.