Our scalable SaaS solution reforms traditional security testing, harnessing the power of both automated scanning and integrated expert penetration testing to provide business-critical security insights and efficient attack surface management in a single platform.
View your internal network penetration testing results instantly from day one instead of waiting weeks for your report
Add additional team members and set up alerts and integrate Informer into your remediation workflow with integrations
One-click retesting allows you to validate identified vulnerabilities that you have fixed for added assurance
Our approach to internal network penetration testing
Internal networks can be vast and complex. Our dynamic approach aims to find the hosts and then vulnerabilities that arise, from patching issues to misconfigurations.
We’ll create scenarios to test your internal network to see if attaining that goal is feasible. This could be gaining access to financial data or gauging the amount of unauthorized access a contractor has to resources on a network.
How we security test internal network infrastructure
We use a combination of manual and automated penetration testing techniques to identify vulnerabilities thoroughly and efficiently using commercial and open-source tools.
Our effective approach includes:
Attempting default user accounts and passwords
Assessing networking equipment
Find passwords that can be reused across the network
Exploiting default settings and configurations
Identifying operating system and application vulnerabilities on servers
Testing the configuration of the Active Directory environment
Escalating privileges within the environment to increase access
Several testing stages are followed that result in an effective test. By using our platform’s cyber intelligence capability together with expert penetration testing knowledge, Informer’s testers identify your true attack surface with depth.
Asset discovery – asset mapping is using Informer’s discovery tools and intelligence engine
Service identification – identifies live services that are accessible from the internet
Vulnerability analysis – each service is analyzed in detail to identify misconfigurations and software vulnerabilities
Service exploitation – exploitation will be performed to verify vulnerabilities and gain access to infrastructure
Gain additional access & pivoting – successful exploitation will be used to gain further access to connected networks and hosts.
Instant online reporting
Our internal network penetration testing service is delivered through our SaaS platform for a faster and more dynamic security testing experience. You can start to remediate vulnerabilities as soon as our testers find them without having to wait for the test to be completed. Utilize our Jira integration to automate ticket creation for your developers to get to work on fixing issues.
A summary is provided for each test and gives you a non-technical overview of the results. For each vulnerability discovered, you can access:
Detailed descriptions of the finding with CVSS scores
Evidence detailing the location and parameters affected
Screenshots uploaded by our penetration testers
Remedial action and recommendations
References to more information if you need to dig deeper
Each test is stored separately in the platform so you can access detailed findings fast or create a PDF report. You can download reports in a number of formats at any time during or after the test.
We go beyond providing reports by offering a comprehensive debrief session so our penetration testing team can talk about the findings. This is a great opportunity for you and your security, IT, and development teams to ask any questions or seek advice.
Identifies patching inconsistencies
Finds directly exploitable misconfigurations
Assesses separation of networks
See how vulnerabilities are combined to breach your network
Learn how AD configurations can be exploited
Understand how attackers can move across your network
Frequently asked questions
If you have any further questions, get in touch with our friendly team.
How safe is my network while you're testing?
Inevitably, there’s always a level of risk to any security test, but we are meticulous about the tests that we run.
Do you need to attend our office?
You have the choice – we can either do onsite testing or test remotely, which is popular – saving on travel expenses and time.
How does this type of testing satisfy ISO27001 requirements?
In order to meet the ISO27001, you are required to run both an internal penetration test and an external penetration test. Add vulnerability scanning to provide evidence of ongoing security monitoring.
Can you work out of hours?
We can work out of hours for an additional charge. If part of your infrastructure is in a time zone that is in our normal working business hours, you won’t be charged.
Do you offer a retest?
We offer a retest if you were to use our remote internal penetration testing offering.
Ready to take control of your external attack surface?
Discover how Informer can automatically increase attack surface visibility and assess your cyber risk exposure