Internal Infrastructure and Internal Web Application Assessments typically involve a Pentest People security consultant attending the client’s premises, connecting their laptop and security toolset to their network, and performing a series of automated and manual testing to identify software and configuration vulnerabilities. However, there are often situations where it is inconvenient or even impossible for a consultant to physically be onsite, such as highly secure data centres that forbid external entities from accessing hardware, or client locations that are geographically difficult to reach.
In order to facilitate a cybersecurity service for these situations, Pentest People have developed a solution that provides the same level of internal access without the need to have a consultant on the client site to perform the required assessment. This solution is called SecureGateway and this can be delivered either as a standalone appliance or a downloadable VMWare image.
The SecureGateway appliance is a small but powerful remote access server that allows Pentest People consultants to perform their security assessment remotely. Its small form factor is convenient for transportation to client locations, and its automated processes do not require any configuration by the client. All that is required is a standard 10/100/1000 Ethernet port and a DHCP server to allocate an IP address.
Once attached to the client’s network, the device establishes a secure encrypted connection to Pentest People’s ISO/27001 accredited Security Operation Centre, whilst introducing minimal risk to the client’s internal or external infrastructure.
Download & view our SecureGateway Digital Data Sheet >>
What Assessments Can Be Performed With SecureGateway?
Internal Infrastructure Assessments, including IT Health Checks, are a perfect candidate for SecureGateway.
These types of tests traditionally rely upon an engineer being onsite at the client’s location for the duration of the assessment.
In an Internal Infrastructure Assessment, SecureGateway provides the Pentest People consultant with an in-band secure network connection that provides the same security toolset required to perform the assessment that the consultant would normally bring to site with their laptop.
This allows the consultant to perform the infrastructure assessment as if they were sat within the client’s location and connected to the client’s network.
Web Application Assessments
Web Application Assessments are usually performed externally, however, we do also perform assessments on applications that are internal within an organisation.
In these cases we usually have to send a Web Application Security Consultant to a client’s site where the application is tested from within the client’s network.
SecureGateway can be used by a client to provide a secure in-band connection for the Pentest People consultant.
With this connection, the consultant can configure a secure proxy so that all of the Penetration Testing can be performed from a remote location as if the consultant was physically connected to the client’s network.
What are the Risks?
Pentest People are aware of the risks involved with adding a new device to your corporate network and understand this implicitly. Which is why we’ve established a series of technical and administrative controls to mitigate the risk to the client’s infrastructure when using the SecureGateway device.
SSH Encrypted Communication
Minimal Attack Surface
Strong Password Policy
Secure Data Wipe
Strong Patching and Lockdown
Advantages of SecureGateway
There are many advantages to using Pentest People’s SecureGateway.
Although lockdown has ended in the UK, remote working is still extremely preferred, not only this but remote testing opens doors for international businesses and offices with strict on-site policies. By utilising SecureGateway, Pentest People can still perform an Internal Penetration Testing Assessment without requiring a consultant to be onsite.
Using SecureGateway can reduce the cost of an engagement as there are no travel expenses incurred by Pentest People which would be recharged to the client.
SecureGateway also brings efficiencies in time-saving due to travel and clients are paying purely for testing time rather than consultant travel time.
All Services that use SecureGateway have access to SecurePortal
Until now, the traditional deliverable from a Penetration Test engagement has been a lengthy 100+ page PDF report.
Pentest People have developed a solution to this issue where you interact with your vulnerabilities within the SecurePortal.
Constantly updating Vulnerability Information to stay in touch with the emerging threat landscape.
Receive overview and trend data of all of the current security issues you face in your organisation. All viewable on an interactive dashboard.
Skilled Security Consultants
Rest assured that your assessments are performed by qualified Security Consultants.
Our specialised team of security consultants hold industry qualifications such as CHECK Team Member & Team Leader, CCIE, CISSP and CEH.
Key Benefits of SecureGateway
Understand how the SecureGateway can bring you all the benefits of a standard Penetration Test.
- Your Penetration Test can be completed without the need for a consultant to attend your site
- SecureGateway can either be delivered as a VMWare Virtual Machine Image or a shipped Standalone Network Appliance
- Automatically creates a secure channel to the Pentest People Security Operations Centre allowing a consultant to access your appliance remotely
- Your test through the SecureGateway will still allow all the benefits of the SecurePortal
Asked Questions About SecureGateway
Is my data safe while using SecureGateway?
What tests are possible with the SecureGateway?
Are there any differences to the services methodology?
When would we use the VMWare image over a physical appliance?