Security assessment capabilities
To ensure secure Information Technologies (IT) and Operational Technologies (OT) networks, systems, services and applications it is highly recommended to conduct periodical reviews of the security measures implemented.
For example, through the execution of penetration tests or red team engagements.
Penetration testing as well as red teaming ensures a thorough and repeatable method for verifying and validating the effectiveness of security controls to meet customers’ security requirements.
Penetration testing capabilities
Thales' penetration testing methodology is based on various standards like the National Institute of Standards and Technology (NIST) and the Open Web Application Security Project (OWASP), which outlines a suite of suggested test cases to identify common security vulnerabilities and validate the effectiveness of security controls.
Security assessments like penetration testing conducted by Thales can be broken down into different types: Black-box, White-box and Grey-box penetration tests. Each of these types can be applied to internal as well as external infrastructures as well as web applications and cloud audits. Red team engagements cover all phases from initial planning through gaining access and reporting.
Thales offers to provide mapping of active assets, threat modelling, vulnerability analysis, detailed reports and proposed corrections.