Assumed Breach Testing Providers
Assumed breach testing is a targeted security assessment that begins from the premise that an attacker has already gained initial access to the organisation's environment. Instead of spending time on initial compromise (which is covered by traditional pen testing), assumed breach testing focuses on what an attacker can achieve once inside the network.
Testers are given a starting point such as a compromised user workstation, VPN credentials, or access to a specific network segment, and then attempt to escalate privileges, move laterally through the network, access sensitive data, and reach high-value targets or crown jewel assets. This approach directly tests the effectiveness of internal security controls including network segmentation, endpoint detection and response (EDR), privilege access management, monitoring and alerting, and incident response procedures.
Assumed breach testing is highly efficient because it focuses testing time on the most impactful scenarios - the activities an attacker would perform after gaining initial access. It is particularly valuable for organisations that want to test their internal defences and detection capabilities without spending engagement time on perimeter testing. This approach is recommended by NIST and aligns with zero-trust security principles that assume breach as a starting point for security architecture.
SECFORCE
Leading UK offensive security consultancy based in Canary Wharf, delivering CREST-accredited penetration testing and adversary simulation to organisations with the most demanding security requirements.
NCC Group
Global cybersecurity consultancy with CREST, CHECK, and CBEST accreditation, renowned for deep technical research and comprehensive penetration testing services.
Nettitude
CREST, CHECK, and CBEST accredited UK consultancy within Lloyd's Register, delivering premium penetration testing for government and critical infrastructure.
NetSPI
Leading penetration testing firm with the Resolve platform for continuous attack surface management, trusted by nine of the top ten US banks.
Mandiant
World-renowned cybersecurity firm now part of Google Cloud, delivering threat intelligence-led penetration testing and red teaming informed by front-line incident response experience.
Bishop Fox
Premier US-based offensive security firm known for elite penetration testers, cutting-edge research, and the Cosmos continuous attack surface management platform.
CrowdStrike
Global cybersecurity leader leveraging world-class threat intelligence from the Falcon platform to deliver intelligence-led penetration testing and red teaming.
Secureworks
Dell Technologies-backed cybersecurity firm with elite Counter Threat Unit intelligence informing enterprise penetration testing and adversary simulation.
Praetorian
Offensive security firm founded by former DoD professionals, offering elite penetration testing and the Chariot continuous attack surface management platform.
Offensive Security
Creators of OSCP, Kali Linux, and Exploit-DB, offering elite penetration testing services from the team that trains the world's ethical hackers.
Aon Cyber Solutions
Cybersecurity consulting division of global insurance leader Aon, uniquely combining penetration testing with cyber risk quantification and insurance expertise.
Assumed Breach Testing FAQs
How is assumed breach testing different from internal pen testing?+
Internal pen testing starts with network access and tries to find vulnerabilities from scratch. Assumed breach starts with a simulated compromised endpoint or credentials, focusing specifically on post-compromise activities and detection testing.
What starting points are typical?+
Common starting points include a compromised user workstation, stolen VPN credentials, a phished employee account, or access from a specific network segment. The starting point is chosen to simulate realistic breach scenarios.
Who should consider assumed breach testing?+
Organisations with mature security programmes, EDR solutions, SIEM/SOC capabilities, and network segmentation who want to validate that their internal defences work as expected against a determined attacker.