It takes only one user to fall prey to a phishing scam for an attacker to gain a foothold in your organisation. Our phishing assessment and penetration testing service helps you understand your organisation’s phishing posture and prepare for ransomware and other phishing introduced threats.
A Phishing Penetration Test is an authorised process of testing end-user susceptibility to conduct attacker requested actions. This is conducted via simulated phishing campaigns sent to all users in your organisation or a select control group.
We have 2 different types of Phishing Penetration Testing available to assess your organisation’s phishing risk:
Shearwater’s Baseline Penetration Testing allows you to easily measure your organisation’s phishing risk. We will send a simulated phishing campaign to all of your end-users or just a select control group. By tracking open and click-through rates, this campaign provides you and other key stakeholders with an easy to understand summary of your organisation’s phishing risk and helps you establish a baseline for future improvement measurement.
The Advanced Phishing Penetration Test assesses the performance of your security stack at the desktop/server level and across the inbound and outbound points of your network. These technologies include file extension handling, port filtering, MIMES, Type Checking, Anti-Virus, Application Whitelisting, and Proxy Filtering.
The Advanced Phishing Penetration Test has 3 discrete phases:
Phase 1- Mail Gateway Assessment
We will send customised non-malicious packages to a dedicated email address within your organisation. Using different file extensions and techniques, the packages will attempt to bypass your mail gateway restrictions to assess the anti-virus, anti-spam, content filtering and file filtering restrictions.
Phase 2- SOE Assessment
Using your standardised pre-built SOE hosts and the successfully injected packages, we will then execute the packages that circumvented existing controls. This will test the SOE’s controls, antivirus, and application defences. The packages that were successfully executed will be used as an input for the final phase of the audit.
Phase 3- Egress Filtering
At this stage we will identify the executed packages that were able to connect to our central Command and Control centre. The aim is to test the outbound infrastructure (firewall rule sets, proxies, SIEM and Analytics platforms, and outbound antivirus systems) against external Malware connections.
How can we help?
Resources
Testimonials
” The relationship with Shearwater and the two-way exchange of information, ideas, and feedback – has significantly helped us improve our own security and allowed us to stay abreast of changes in the security landscape.“
” Overall, we find Shearwater to be flexible, consultative, and delivering on their promise. They have a high level of understanding of the information security landscape and the threats that a financial services organisation has or may have in the future. They have demonstrated their capabilities and knowledge in suggesting and implementing suitable solutions.“
Get a service advisor to contact you, answer your questions, and understand your specific requirements.
Get answers! Our service advisors are ready to take your call and offer you advice and insights
1300 228 872
Mon -Fri, 9am – 6pm