Penetration and red team testing helps you evaluate and test your organisation’s defences using real world attack scenarios to more accurate gauge and address your cyber risk. Also known as ‘ethical hacking’, ‘white hat hacking’, or the use of ‘tiger teams’, penetration and red team testing is more beneficial than traditional forms of testing, in that it:

• Focuses on the real risks, not theoretical ‘best practice’ risks, providing better quality and more focused recommendations.
• Is significantly more cost effective than other forms of testing.
• Tests your ability to detect and respond to an attack.
• Takes into account aspects of security other than just the technical components of security, e.g. the human element of security, and the inter-relationship between systems and processes.

Each penetration or red team test requires a customised approach that will be determined by your objectives for the testing. Our tailor-made approach aims to provide a more realistic picture of your organisation’s security posture, allowing you to make informed decisions on areas requiring remediation.

Penetration Testing

Our New Zealand Penetration Testing Centre of Excellence utilises tried and tested penetration testing methodologies and approaches that allow us to test the security of a wide range of technologies and processes.

This includes:

• Internet infrastructure and systems.
• Websites and web based applications.
• Internal networks and systems.
• Mobile apps.
• Thin client solutions.
• Wireless networks.

Red Team Testing

KPMG’s Cyber Security Services team will evaluate and test your organisation’s defences using real world attack scenarios to more accurately gauge and address your cyber risk. KPMG’s red team testing can help you understand the adversaries and tactics that criminals will use to penetrate your organisation’s defences.

Red teaming is a multi-disciplinary team that utilises intelligence capabilities to support a broad-based testing strategy. Red teaming leverages this approach in evaluating the specific business model and operations of your organisation. Once profiled, attack vectors are identified and strategies devised to implement sophisticated attacks including: spear phishing, watering hole, malware and social engineering. This is delivered through simulated war-gaming activities, within a controlled testing framework.

Our tailor-made approach of combining threat intelligence with specific testing aims to provide a more realistic picture of your organisation’s security posture, allowing you to make informed risk decisions on areas requiring remediation.

Red team testing goes beyond penetration testing and can include:

• Social engineering testing.
• Physical security testing.
• Breach via third party provider analysis.
• VOIP/telephone attack.
• Utilisation of open source threat intelligence information.
• Insider threat simulation.