Penetration Testing Services

AT&T Penetration Testing Service provides organizations with a functional test of the network and application controls that help to secure their operations and data.

Why penetration testing with AT&T Cybersecurity Consulting?

Our solutions are tailored to meet your risk assurance objectives

Evaluate your attack surface

Identify exploitable conditions in all areas of your technology footprint. From Internal/External/Wireless Network and Web/Mobile Application Testing, to IoT Assessments and Red Team Exercises; we have you covered.

Understand real world exploitation of staff

Today’s threat actors commonly target your employees to achieve access to your corporate assets. Incorporate phone, email, and messaging-based solicitations, along with physical intrusion attempts, to reflect real-world threats.

Work with security experts

Work with expert AT&T consultants with years of penetration testing experience, including deep familiarity with how organizations run and how attackers operate.

Satisfy compliance requirements

With decades of experience performing testing in support of compliance needs, such as those in the PCI DSS, AT&T consultants can help define and execute on test plans that meet complex compliance requirements.

Remediation informed by threat intelligence

Prioritize remediation of identified vulnerabilities based not only on severity and business impact of exploitation, but also on threat intelligence regarding the tactics, techniques, and procedures used by today’s threat actors.

Understand and prioritize remediation

AT&T Cybersecurity Consultants can walk you through the process used to break through your defenses, as well as articulate the magnitude of the impact to your organizations and help you understand and prioritize remediation efforts.

Features of AT&T Penetration Testing Service

Tailored to your environment and attack surface

Features

Details


Flexible engagement models

Our engagement management team works collaboratively with each client to ensure that the assessment timing, rules of engagement, and communication processes align with customer expectations.


Based on standards, informed by experience

The team keeps up to date on developments in testing standards, such as those published by NIST, OWASP, and MITRE, to make sure our testing methodologies reflect current best practice developments. We draw upon the collective experience of our testing teams to identify unique or emerging practices to find and exploit vulnerabilities.


Social engineering

Assess the security awareness and general security controls with respect to human manipulation; including email, phone calls, media drops, and physical access.


External penetration tests

Identify and exploit vulnerabilities on systems, services, and applications exposed to the Internet.


Web application assessments

Assess web or mobile applications for vulnerabilities that can lead to unauthorized access or data exposure.


Internal penetration tests

Simulate a malicious insider or an attacker that has gained access to an end-user system, including escalating privileges.

Test drive the AT&T Managed Vulnerability Program

Offers vulnerability, asset and patch management as well as threat and risk prioritization in one solution.

Get started ⟶

FAQ

AT&T Cybersecurity Consulting offers Network Penetration Testing, Application Penetration Testing, Wireless Penetration Testing, and Social Engineering.

AT&T Cybersecurity Consulting performs vulnerability exploitation using a variety of techniques, depending on the nature of the vulnerabilities. Our experts utilize open source technology and some commercial  products to mimic tools, techniques, and procedures of malicious hackers.

Yes, it can be performed both on site and remotely. Remote testing can be done using the Remote Internal Pen-Test (RIPT) device.

Based on the scope of the project and size of the environment, AT&T Cybersecurity Consulting will estimate an expected duration of time to completion. On average, penetration testing takes 1-3 weeks.

The Vulnerability Scanning phase of the penetration test is conducted using automated tools. Next, AT&T Cybersecurity consulting manually confirms the results from the automated tools. Manual testing is done for discovery and elimination of false positives, verification of scan results, and identification of complex, emerging, or obscure vulnerabilities.

The first phase is Intelligence Gathering, in which the objective of this first phase is to gain as much knowledge as possible about the target environment. The second phase is Vulnerability Scanning, which is done to identify hosts, services, and vulnerabilities in the target environment. In the next phase, Manual Verification, AT&T Cybersecurity Consulting manually validates the results of the automated tools. Next is the Vulnerability Exploitation phase in which exploits are attempted against the identified vulnerabilities. In the final phase of Analysis and Reporting, the findings are analyzed and documented.

A scoping questionnaire will be provided to client to begin the scoping process. There is a different questionnaire for each penetration testing service (Application Penetration Testing, Network Penetration Testing, Social Engineering, Wireless Penetration Testing).

AT&T Cybersecurity Consulting does not intentionally cause a disruption of service. The intrusiveness of the penetration test as well as time window (business hours, off business hours) is flexible and discussed with the client.

Vulnerability testing determines the extent to which critical systems and sensitive information are vulnerable to compromise or attack. Penetration testing takes a step further to exploit the vulnerabilities identified in order to gain access to critical systems, sensitive information, or a specified trophy. While automated vulnerability scanning can help you identify security flaws, it can’t help you evaluate the strength of your organization’s security controls against a human attacker.

AT&T Cybersecurity Consulting can perform the penetration test on site, or remotely using the Remote Internal Penetration Testing (RIPT) device which will be shipped to the customer to connect to their network.