Physical Penetration Testing
In light of recent attacks in both London and Manchester, many organisations are reviewing and heightening their physical security posture. Many of our clients are doing the same and in doing so, are commissioning Physical Penetration Tests to ensure their security controls, and the processes around them, are working effectively.
Assessing the real-world effectiveness of physical security controls
Physical penetration testing is the practice of assessing the effectiveness of physical security processes and controls across an organisation’s business estate.
Using covert techniques, authorised attacks on buildings and offices are conducted to penetrate the physical security systems and identify vulnerabilities that could expose the organisation to a loss of sensitive information, unauthorised access to their networks or even malicious activity.
Physical penetration testing can include activities such as attempting to enter a building to gain access to the C-Level suite or to infiltrate a data-centre and where possible, move within the building to examine security processes and security culture, testing the staff, manned guarding and technology resilience.
Why Conduct Physical Penetration Testing?
Organisations invest substantially in physical security controls, whether it be electronic controls, alarms, perimeter defences or manned guarding. But how can we be sure that these controls, and the processes around them, are working effectively and that they’re preventing unauthorised access? Physical Penetration Testing will provide valuable insight into an organisation’s security posture and allow us to address vulnerabilities before these can be exploited.
- Identify vulnerabilities
- Determine the feasibility of particular type of breach
- Assess the potential impact of a particular type of breach
- Report findings and make recommendations
- Provide evidence to support investment in security
- Demonstrate good governance
Conducting physical penetration testing will go a long way to ensuring that your organisation’s physical security profile is as vibrant and robust as possible.
Our Physical Penetration Testing Approach
|Initial Reconnaissance||Passive reconnaissance and open source intelligence used to gather information on the organisation and its business estate.|
|Active Reconnaissance & Covert Observations||On the ground surveillance, walk arounds to identify entrances & exits; surveillance of employed and manned guards, uniforms, badges, cameras etc,
Opportunist attempts to breach the security may be made if appropriate.
|Attack Planning / Pretexting||Develop our pretext, arrange badges/passes etc.|
|Targeted Testing||Execute attack using covert techniques to penetrate the physical security, gathering video evidence|
|Reporting||Report on vulnerabilities and provide recommendations|
Our testing teams are experienced Covert Human Intelligence Source (CHIS), intelligence and surveillance specialists, having gained their experience from either Intelligence, Specialist Military or police backgrounds. We work on a strictly confidential basis providing our services to a number of industries and top FTSE companies.