Internal Network Security Assessments evaluate the security of your company’s internal systems and how likely they are to be compromised once an attacker has access to any given system. The evaluation includes a review of your company’s estate, as weaknesses in computer platforms and other innocuous devices can lead to the compromise of your company’s critical data.


A number of differing threats and attack techniques can result in a malicious attacker gaining access to an Internal network. Remote Access, External Vulnerabilities, Phishing or Social Engineering techniques can each result in an intrusion into your private corporate network.

With a continually evolving set of threats to safeguard against and an exponential rise in the number of attacks and security breaches, internal security needs to be focused on, as much as perimeter security.

Organisations should anticipate and prepare for a security incident and take preventative steps to assess and secure their assets, both external and internal.

Our Penetration Testers use a combination of the most effective automated tools and manual exploitation techniques to identify vulnerabilities across your entire internal estate. An extensive report provides a thorough description of each identified vulnerability and provides business context alongside each issue.

This is supplemented by technical and non-technical descriptions including evidence of exploitation to assist in prompt remediation activities and provide a thorough understanding of each issue.

An internal network assessment and subsequent report will allow your business to:

  • Understand risks that exist across your internal network.
  • Make ongoing improvements to your internal security posture via specialist support, advice and consultancy.
  • Adhere to regulatory bodies who require internal penetration tests be performed.
  • Gain access to a dedicated team of specialist CREST Registered penetration testers who use the latest tools and techniques to accurately assess and identify emerging threats.


1. What is the difference between an Internal Penetration Test and an External Test?

An Internal Penetration Test is focused around your the internal network ranges which contain your workstations and servers which are not publicly accessible rather than a specifc set of hosts which are directly accessible over the internet.

2. Why do I need an Internal Network Penetration Test?

Internal networks can be accessed through a number of exploitation methods and the access used to target your workstations and servers.

Depending upon the security of your devices this access may lead to an attacker quickly escalating their privilges to that of an Administrator, or provide access to a range of sensitive content.

If access is gained it is important to minimise the damage and extent of this security breach. Ensuring your systems are safeguarded against an array of security threats and keeping your sensitive data and systems protected in the event of an attack is a critical part of any security solution.

3. What will I receive after the test has been completed?

The deliverable from any Internal Network Test is a complete report, detailing and contextualising each identified vulnerability against your business and relaying the risks that each issue poses to your systems and services.

The report provides a complete description of what each identified issue is, specific remediation advice on how to address the issue, and detailed evidence, wherever necessary to verify the issues impact.