Physical Security Testing

Service Overview

Secureworks will test your organization's physical defenses and monitoring. This offering comes in two different flavors: Escorted and Covert. An expert physical penetration tester will assess the physical perimeter of one of your organization's buildings for flaws, exploit the flaws, and attempt to gain access to one or more locations within the building (server closets, sensitive office areas, etc.).

Service Methodology

The Secureworks approach to physical penetration testing is rooted in an internally developed methodology, drawn from industry best practices and enriched by real-world field experience, including the expertise of veterans. Secureworks collaborates closely with you to determine the objectives of the assessment. Prior to the test, Secureworks will schedule a kickoff call to establish rules of engagement, points of contact, scope, risk acceptance, reporting requirements, test timelines, and schedules.

The activities performed during a penetration test can be highly tailored, depending on the customer's business vertical, building size, and location. However, for covert engagements, activities can typically include:

Open-Source Information Gathering:

  • Gathering information about the target organization, such as:
    • Building location
    • Floor plan
    • Nearby facilities
  • Identification of key personnel and third-party contractors.
  • Searching for sensitive data published on social media (e.g., employee pictures containing badges).

On-site Reconnaissance:

  • Visiting the target location to gather more detailed information about employees' routines and movements.
  • Identification of security measures, access points, surveillance systems, and potential entry points.

Social Engineering:

  • Engaging with employees or personnel to gather additional information through non-technical means.
  • Following employees in public areas to perform an RFID badge capture/clone.

Physical Access Attempt:

  • Attempting unauthorized access to the premises using various methods, such as tailgating or posing as a maintenance worker.
  • Evaluating the effectiveness of security controls in preventing unauthorized physical access using various methods, such as under-the-door tools, lockpicking tools, or a cloned RFID badge.

Insider Threat Simulation:

  • Attempts to gain access to restricted areas.
  • Examination of data present on desks to identify sensitive data such as passwords on post-its or critical business/customer data.
  • Internal network access via a drop-box, to complete any digital goals requested.

Outcome

Secureworks will compile its findings and deliverables and provide them to you in the form of a report. The report will include the following:

  • Executive summary
  • Methods, detailed findings, narratives, and recommendations if any
  • Attachments as needed for relevant details and supporting data

In addition, Secureworks can perform a live debrief on-site during the last day of the engagement.

Scoping Information

Scope: Physical Penetration Test
Description: 1 physical location / building.

This scenario simulates an external threat covertly breaching a building without the security team's prior knowledge. Objectives may include gaining physical access to the C-suite level, extracting sensitive physical data, or deploying a dropbox into the internal network to establish remote access. Unlike the Physical Security Audit, this simulation may involve employee interaction and social engineering techniques to assess overall security preparedness against external threats.

Limitations

Due to the unique nature of physical social engineering, additional scoping will be required. This includes a scoping teleconference with a member of the Secureworks physical security testing team, and additional legal protections for both you and Secureworks.

Scheduling and Booking Information

See Service Scheduling for information about scheduling this service.