Penetration Testing

Learn exactly how vulnerable your most critical assets are to cyber attacks

Identify vulnerable assets to strengthen your security defenses

Organizations do all they can to protect their critical cyber assets, but they don’t always systematically test their defenses. Penetration Testing from Mandiant Consulting helps you strengthen your security for those assets by pinpointing vulnerabilities and misconfigurations in your security systems.



    Mandiant security experts simulate the tactics, techniques and procedures (TTPs) of real-world attackers targeting your high-risk cyber assets. Our deep knowledge of advanced persistent threat (APT) attacker behavior can help you:

    • Determine whether your critical data is at risk
    • Identify and mitigate complex security vulnerabilities before an attacker exploits them
    • Gain insight into attacker motivations and targets
    • Get quantitative results that help measure the risk associated with your critical assets
    • Identify and mitigate vulnerabilities and misconfigurations that could lead to future compromise

    What you get

    • High-level executive summary report
    • Technical documentation that allows you to recreate our findings
    • Fact-based risk analysis to validate results
    • Tactical recommendations for immediate improvement
    • Strategic recommendations for long-term improvement


    M-Trends is an annual publication from Mandiant that contains insights based on frontline investigations of the most interesting and impactful cyber attacks of the year.

    Real attacks. Real learning. Real refinement.

    Penetration tests conducted by Mandiant Consultants are customized to your environment; no two assessments are ever the same. A wide variety of penetration testing options are available, with each option providing information that can dramatically improve security in your organization.

    | Penetration test | Objective | Benefit |
    | --- | --- | --- |
    | External Penetration Tests | Identify and exploit vulnerabilities on systems, services and applications exposed to the Internet | Understand risk to assets exposed to Internet |
    | Internal Penetration Tests | Emulate a malicious insider or an attacker that has gained access to an end user's system, including escalating privileges, installing custom crafted malware and/or exfiltrating faux critical data | Understand risk to business from a breach |
    | Cloud Penetration Testing | Identify security threats and validate technology controls relevant to your cloud-hosted environments | Understand the latest cloud security threats facing your organization, based on real-world incidents |

    Our approach

    The penetration testing service applies a systematic approach to uncovering vulnerabilities that leave your critical assets at risk. This service comprises four steps: target reconnaissance, vulnerability enumeration, vulnerability exploitation and mission accomplishment.

    In target reconnaissance, Mandiant consultants gather information about your environment, including company systems, usernames, group memberships and applications.

    For vulnerability enumeration, Mandiant security professionals seek to identify your exploitable vulnerabilities and determine the best way to take advantage of them.

    In vulnerability exploitation, penetration testers attempt to realistically exploit the identified vulnerabilities using a combination of publicly available exploit code, commercial penetration testing tools and customized exploit code and tools.

    In mission accomplishment, Mandiant experts gain access to your internal environment. Tactics could include gaining access through the internet, stealing data from segmented environments, or subverting a device with malicious commands.

    Penetration Testing FAQ

    What is penetration testing?

    Penetration testing (or pen testing) is the systematic testing of an organization’s cyber defenses by searching for and pinpointing vulnerabilities and misconfigurations.

    How are vulnerable assets identified?

    Experienced security vendors will review an organization’s strategic objectives and operational processes to identify levels of business risk. Then, critical information assets are defined based on their significance to the business, their value to an attacker and their associated business impact if they were to be compromised.

    How does the cloud impact penetration testing?

    The growing migration to cloud-hosted environments requires organizations to have a mature cloud security posture. Organizations should assess their cloud risks, evaluate cloud threats and validate their cloud technology controls. Penetration testing can assess the effectiveness of an organization’s existing cloud security defense capabilities and controls across the most popular cloud platforms.

    Ready to get started?

    Our security experts are standing by to help you with an incident or answer questions about our consulting and managed detection and response services.