Physical Security Assessment

Our Physical Security Assessment helps you determine the effectiveness and efficiency of your physical controls designed to protect your people, premises, and assets.

Defend Your Organization with Comprehensive Physical Security Assessments

Cyber attackers typically conduct their tests from some remote location, remaining a faceless, nameless opponent. While most cyberattacks do not include physical components, when attackers conduct a successful physical breach of your organization, the result can be truly devastating.

An attacker who gains physical access to your organization may have the opportunity to change settings in your security controls, enabling a remote access path for their remote accomplices. They may directly access sensitive internal information. They might install a wireless access point, enabling wireless access once they leave the building. They might install hardware keyboard loggers, which can be extremely difficult to detect, and they might be able to install malware on available systems. An attacker might disable alarms or locks for later intrusions, or even create themselves a valid access badge. Physical intrusions can lead to the theft of computer systems along with the data they hold – in some cases essentially emptying the target’s data center.

Our physical security assessment help provide full-coverage security for clients. An Evolve Security Physical Security Assessment is designed to help protect your employees and your physical assets. This can be a different skill set from a standard social engineering engagement, but is highly related since an attacker performing a physical intrusion is usually not just trying to walk off with a random laptop – they are trying to make additional access more successful.

Our physical security assessment helps you understand how well you are doing at protecting your employees and physical assets. Not only does a physical intrusion assessment include an engagement-specific report, but our security professionals also update the Darwin Attack® portal with key findings. This means you don’t need to wait for the report to start remediation. You can start fixes immediately, making the best use of the information in our collaboration portal.

Our physical security assessment solutions

Evolve Security’s physical security assessments primarily test the physical controls that protect access to your building, but also test your human controls. The process used to perform a physical security assessment is similar to most security assessment services:

  • Define the scope: Scope the test to ensure we have well-defined testing goals and rules of engagement. Agree on the targeted facility and staff. Define approved testing window. Agree on the “get out of jail free” letter, and proper escalation/continuation actions in the event of a serious challenge to the assessor(s).
  • Complete reconnaissance: Research the public face of your organization (including social media) to determine potentially interesting details and targets, including targeted systems or applications, as well as both general and specific users. Includes physical reconnaissance to identify all potential access points such as doors, windows, loading docks, underground access, common walls with organizational space, or parking garage access. Observe delivery options like handling of food, flowers, and packages.
  • Assessment: Attempt simple intrusions by dumpster diving, tailgating or “walk-ins”. Test other identified access points or means of entry with varying degrees of diligence. Evaluate effectiveness of physical controls such as locks and alarms, as well as of observant staff. Include incidental physical measures that may be tangential to cybersecurity but relevant to safety of staff and facilities. Include results of related testing to maximize test efficiency and effectiveness.
  • Report on the results of the engagement.

The overall results of a physical security assessment are usually pretty clear – the assessor gained physical access or they did not. But it is important to clarify the details of any breach and its associated potential impact.  As a result, Evolve Security is committed to ensuring that the results and impacts are as clear and concise as possible through a social engineering briefing, that discusses the results with your appropriate staff – not a one-way briefing, but a conversation about the results to ensure we both understand the impact.

Modernize your physical security assessment approach

Many penetration test companies do not offer full social engineering assessment services. Penetration test vendors are more focused on the automated technical testing. Those who do perform social engineering often rely on tools and limit the customized portions of the testing, making such tests more “cookie cutter.”

Evolve Security is dedicated to making all social engineering engagements focused on your specific concerns and your staff and environment. Our physical security assessments are highly customized to you, and focus on your specific facilities and staff. The goal of our physical security assessment is to enable you to improve your physical controls, protecting your staff and physical assets, as well as any data that may be located on those assets. Improved physical controls verifies your control over your operations, and thus increasing both security and reliability.

During physical security assessment engagements, our security professionals enter findings, such as identified issues and potentially exploitable findings (like passwords, or other sensitive details), directly into our Darwin Attack® portal. We update the portal in a near-real-time basis, not at the end of the test. Providing you access to the same portal used by our testers and security professionals helps maximize the efficiency and effectiveness of your entire testing, remediation, and management process. You get to being remediation, including testing and internal communications earlier, speeding up your remediation process.

Our physical security assessments continue to evolve

Like all components of social engineering, a physical security assessment tends to be a highly customized offering, highly dependent on the specific organization. Evolve Security engages experienced staff to conduct physical security assessments – staff who have the ability and willingness to conduct such tests successfully, not just attempting a breach, but trying to maximize the effect of any physical access they are able to obtain. Additional technology (like wireless access points or keyboard loggers) may be used as appropriate for the assessment, and Evolve Security always maintains a current set of the best tools available for any given situation. Our team of security professionals constantly monitors developments in physical security intrusion techniques, and update processes and standards as appropriate. We also hold regular project review sessions and update our internal standards to help ensure we are assessing to at least standards of good business practice, based on the practices of current clients. Every engagement includes review of our own benchmarks to help ensure that we are assessing to the most appropriate set of controls.

Get Your Darwin Attack Demo Today

Start Pentesting in 2 Weeks