Internal pentest: Identify your vulnerabilities before cybercriminals do!
With an internal pentest, we put your network through its paces - whether Active Directory, IoT or OT. We find security gaps, create clear reports and give you specific recommendations for action. So you are always one step ahead of potential attacks.
What is an internal pentest?
Our internal pentests are divided into two modules so that you can choose the right solution for your needs:
Basic module (focus on Active Directory)
- Detailed analysis of all relevant AD components
- Check user and group permissions
- Check your security policies and configurations
- Detect potential misconfigurations or vulnerabilities
- Individual final report with catalog of measures
Comprehensive module (entire network, IoT & OT)
- Contains all services of the basic module
- Additional focus on the entire, internally accessible network
- Inclusion of IoT and OT systems
- Identification of all potentially vulnerable devices and interfaces
- Summary in a structured final report including prioritized recommendations for action
Reasons for an internal pentest (advantages at a glance)
Realistic tests
Simulation of real attacks from the internal network
Proactive security strategy
Identification of vulnerabilities before attackers exploit them
Cost-efficient
Early detection and elimination of gaps is cheaper than the cost of potential damage
Meeting compliance requirements
Many industry standards (e.g. ISO 27001) require regular pentests
Sound basis for decision-making
Our reports are technically precise yet clearly formulated - for confident decisions at all levels
Basic vs. Comprehensive
| Features | Basic module | Comprehensive module |
|---|---|---|
| Focus Active Directory | Yes | Yes |
| IoT and OT systems | No | Yes |
| Comprehensive network analysis | Limited (only AD relevance) | Complete check of the entire network |
| Final report | Detailed, AD-specific | Detailed (incl. network, IoT & OT) |
Frequently asked questions (FAQ)
How does an internal pentest work?
Our experts first agree the scope and objectives of the test with you. We then check your IT infrastructure step by step for potential vulnerabilities. At the end, you will receive a detailed report including recommendations for action.
Does a pentest disrupt ongoing operations?
Generally not. We try to plan the test in such a way that your normal work processes remain as undisturbed as possible. Critical steps are carried out in close consultation with you.
How often should an internal pentest be carried out?
At least once a year or after major changes to your IT infrastructure. This ensures that new systems and updates are just as secure as existing ones.
Is the basic module sufficient for small companies?
For companies with less complex networks, or where the focus is on Active Directory, the basic module is often sufficient. However, as soon as IoT or OT components are added, or if the network is very diverse, the Comprehensive module is recommended.
Do I also get a follow-up consultation?
Of course. We will take the time to answer your questions and go through the report with you. We also offer workshops or additional support services on request.












