Security assessment capabilities
To ensure the security of Information Technologies (IT) and Operational Technologies (OT) networks, systems, services and applications, it is highly recommended to conduct periodical reviews of the security measures implemented. For instance, this can be achieved through the execution of penetration tests or red team engagements. Penetration testing and red teaming provide a comprehensive and repeatable approach to verify and validate the effectiveness of security controls in meeting customers' security requirements.
Penetration testing capabilities
Thales' penetration testing methodology is based on various standards like the National Institute of Standards and Technology (NIST) and the Open Web Application Security Project (OWASP), which outlines a suite of suggested test cases to identify common security vulnerabilities and validate the effectiveness of security controls.
Security assessments like penetration testing conducted by Thales can be categorized into different types: Black-box, White-box and Grey-box penetration tests. Each of these types can be applied to internal and external infrastructures as well as web applications and cloud audits. Red team engagements cover all phases from initial planning through gaining access and reporting.
Thales offers mapping of active assets, threat modelling, vulnerability analysis, detailed reports and proposed corrections