A Thorough Inspection, Not A Crash Test
This is our white-box audit, and where a penetration test is adversarial, the Review is collaborative. We expect full visibility - architecture diagrams, configurations, identity and access policies, network topology, source code where applicable, process documents, and discussion with staff. Much as a thorough vehicle inspection assesses roadworthiness by examining how something is built and maintained rather than by driving it into a wall, the Review examines the design and operation of your estate directly. We supplement this transparency with technical enumeration of your systems to discover aspects of them you may not know of at all. Unlike our Manual Penetration Test and Red Teaming engagements, the Review does not focus on realistically simulating attacker behaviour. Instead, it focuses on directly assessing the quality of your security architecture, configurations, processes, and operational practices.