Penetration Testing

How well will your security hold up against an attack?

Penetration tests play a critical role in establishing the efficacy of your current security posture by identifying vulnerabilities within your environment before they can be exploited by cyber criminals or others with malicious intent. These proactive simulations, when conducted on a consistent basis, test your defenses against Fortis experts using real-world ethical hacking techniques to determine if your devices, applications, and network can be compromised. The results deliver unbiased, third-party insights on ways your organization can improve protection and reduce risk.


  • Test different aspects of your security infrastructure
  • Uncover areas of high risk that may otherwise remain impossible to detect without exposure to a vulnerability scan or well-planned attack
  • Determine how your organization may be impacted before, during, and after a successful attack
  • Deliver undeniable evidence to support further investments in security solutions and services
  • Satisfy compliance requirements to meet security standards and special certifications, which often require regular penetration testing

Fortis offers three distinct types of penetration tests, each designed to focus on different aspects of your environment. Each pen test includes a detailed report summarizing the results and making recommendations on how to improve the security posture of your organization.

Internal Pen Test

An internal pen test examines the risks associated with a compromised host already connected to your network, or an employee acting with malicious intent. A small PC is shipped to your organization, and once connected, provides the off-site Fortis team with limited access to your network. They then attempt to obtain user credentials, escalate privileges, and access highly sensitive IT assets and data.

External Pen Test

An external pen test takes the perspective of an internet attacker attempting to breach your network perimeter from the outside. Your organization provides a list of IP addresses and domain names to include as part of the assessment, and an expert from Fortis tries to remotely gain access and venture deep into your network using a variety of sophisticated tactics.

Internal & External Pen Test

An internal & external pen test is a comprehensive engagement that simulates an attack on every aspect of your organization’s infrastructure. This exhaustive approach primarily focuses on stealth and detection avoidance as experts from Fortis attempt to breach your organization’s internet-facing systems using a list of IP addresses and DNS information while also trying to move laterally throughout your environment from a small PC connected to the internal network.