Penetration Testing Services

Why does my facility need to conduct Penetration Testing?

Pen testing is a crucial component of a comprehensive cybersecurity strategy. It helps your business stay ahead of potential threats, comply with guidelines and regulations, and maintain a robust security posture in an ever-evolving threat landscape. If you are considering completing a TPN Blue or Gold Shield Assessment or are about to be assessed directly by an MPA, CDSA, or ACE member studio content owner such as Disney or Netflix, then you must provide evidence that you have conducted a penetration test in the preceding 12 months. Pen testing should be conducted independently by a third-party organisation unrelated to your business.

​

Vulnerability Scanning vs Penetration Testing?

So what are the differences between vulnerability testing and pen testing? In a nutshell, vulnerability scanning is generally automated and focuses on identifying potential system weaknesses, while penetration testing involves active attempts to exploit vulnerabilities and provides a deeper understanding of a system's security posture. Vulnerability scanning and pen testing are both important cybersecurity practices, but they serve different purposes and involve distinct methodologies:

​

Vulnerability Scanning

​

• Objective: The primary goal of vulnerability scanning is to identify and locate potential security vulnerabilities in a system or network.

• Methodology: Automated tools are used to scan a network, system, or application for known vulnerabilities. These tools compare the system's configuration and software versions against a database of known vulnerabilities to identify potential weaknesses.

• Depth: Vulnerability scanning is usually automated and provides a broad overview of potential vulnerabilities. It may not provide in-depth information on the exploitation of vulnerabilities or the impact of potential attacks.

• Frequency: Vulnerability scanning can be performed regularly as part of a proactive security strategy.

 

Penetration Testing

​

• Objective: Penetration testing involves simulating real-world cyberattacks to actively assess the security of a system or network.

• Methodology: Skilled cybersecurity professionals use a variety of tools and techniques to exploit vulnerabilities identified in a system. The goal is to understand the extent to which unauthorised access or data breaches can occur and to provide recommendations for improving security.

• Depth: Penetration testing goes beyond vulnerability scanning by actively attempting to exploit identified vulnerabilities. This includes assessing the impact of potential security breaches and evaluating the effectiveness of existing security controls.

• Frequency: Penetration testing is typically conducted periodically, often after major system changes or as part of a comprehensive security assessment.

​

MPA Content Security Best Practices control requirements

Groundwire's pen testing services are designed to conform with and meet the control requirements of the MPA Content Security Best Practices v5.2 on the proviso the controls are applicable and in scope:
 

• PS-4.2 [Physical Security / Monitoring / Data Centres, Co-locations & Cloud Providers]
  Penetration testing to include all and any relevant networks and systems located in data centres, co-locations, and with cloud service providers

• TS-2.9 [Technical Security / Network Security / Remote Access]
  Penetration testing to include all and any Work From Home / Remote Working environments from where remote access to systems and networks is initiated

• TS-4.0 [Technical Security / Vulnerability Management / Vulnerability Management]
  Regular vulnerability scanning of internal and external networks, production networks, non-production networks, virtual machines, containers and APIs or after any major infrastructure or application change

• TS-4.1 [Technical Security / Vulnerability Management / Penetration Testing]
  Annual penetration testing to cover all external IP ranges, hosts, web applications, and APIs incorporating unauthenticated and authenticated scanning across multiple network segments and locations or after any major infrastructure or application change.
   

Penetration Testing Service Pricing

Groundwire's pen testing service package pricing is summarised below. Prices are in Australian Dollars (AUD) and exclusive of GST. The actual penetration testing is conducted by Radiant Security utilising Certified Ethical Hackers domiciled in Australia.

​