At the very minimum you should perform independent annual penetration tests. However if issues are identified all "critical to medium" ranked issues should be prioritised, resolved and you should re-test until only low risk or informational risk items remain. Low risks are still important to resolve over time but would not delay accreditations. Total Group now provide Penetration Testing as a perpetual service (PTAAS) where tests can be scheduled throughout the year. Quarterly tests and tests following major changes like PC refresh or firewall changes is best practice.

A vulnerability scan scans the environment against all known existing vulnerabilities. Our scans are very comprehensives and as well as detecting and testing PCs, and Servers also scans devices like IOT, printers, NAS, CCTV, BMS anything connected to your network.

A Penetration test attempt to capitalise on both known and unknown vulnerabilities and physically probes devices with a view to exploiting flaws. Many tests just probe from the outside (internet) inbound to your network but at Total Group we test from both outside and also inside as many cyber threats rely on lateral movement through a network.

Depending on the size of your network we offer the quickest certified turnarounds typically 2-4 days. On placing your order we will ship you a personalised test server within 24 hours. This is plug and play just connect to power and your LAN and that's it. If your are on a penetration testing as a service plan you can keep the test server and can have results within 72 hours.

If you are performing a one off test than we include a prepaid return label and test results are available within 24 hours of returning the test server. The test server needs to be plugged in for 1-2 days to fully probe all devices and engineers will confirm when its ready to be shipped back. In an emergency we can provide test results prior to the server return but please bear in mind that if the server is not returned within 30 days we will assume you are keeping the server and transfer you to a penetration testing as a service plan.

Unlike most testing companies you are not alone with your results. Many companies struggle to understand test results let alone know what to do with them. Total Group have simplified results to include clear categories, executive summaries and a management plan that sets out actionable insight to rectify issues. We explain how these risks affect your organisation, where your organization stands compared to its peers, how this compares to the last assessment, are all examples of data included in each report.

We help your internal teams understand the actions required to deliver improvement and if you don't have the time and resources to mitigate inhouse we can quote to resolve. For Example, this may include quoting for software to provide patch management tools or engineering time for a firewall engineer to review and harden your open port configurations.

No, unlike many consultative and manual testing regimes we don't need physical or remote access to your site and we don't need your staffs input which can often be very significant. We don't need administration access. Simply plugin our test server than when we are done unplug it and pop it back in the paid envelope. We will typically email test results within 72 hours.

You wont notice it as we are careful to limit probing levels so that devices are never overwhelmed. Testing does use moderate levels of processing and networking bandwidth resources, so its not something you would want to do every day. On the day of testing you might see small levels on latency (slowness) of devices currently under test. So that printer may take 6 seconds instead of the usual 4 to fire up as we are busy probing it.