Assumed Breach Testing Providers
Assumed breach testing is a targeted security assessment that begins from the premise that an attacker has already gained initial access to the organisation's environment. Instead of spending time on initial compromise (which is covered by traditional pen testing), assumed breach testing focuses on what an attacker can achieve once inside the network.
Testers are given a starting point such as a compromised user workstation, VPN credentials, or access to a specific network segment, and then attempt to escalate privileges, move laterally through the network, access sensitive data, and reach high-value targets or crown jewel assets. This approach directly tests the effectiveness of internal security controls including network segmentation, endpoint detection and response (EDR), privilege access management, monitoring and alerting, and incident response procedures.
Assumed breach testing is highly efficient because it focuses testing time on the most impactful scenarios - the activities an attacker would perform after gaining initial access. It is particularly valuable for organisations that want to test their internal defences and detection capabilities without spending engagement time on perimeter testing. This approach is recommended by NIST and aligns with zero-trust security principles that assume breach as a starting point for security architecture.
Aon Cyber Solutions
Cybersecurity consulting division of global insurance leader Aon, uniquely combining penetration testing with cyber risk quantification and insurance expertise.
Bishop Fox
Premier US-based offensive security firm known for elite penetration testers, cutting-edge research, and the Cosmos continuous attack surface management platform.
Bulletproof
CREST-accredited UK cybersecurity and compliance provider offering penetration testing, managed security services, and regulatory consultancy to over 2,000 customers from its Stevenage headquarters.
CrowdStrike
Global cybersecurity leader leveraging world-class threat intelligence from the Falcon platform to deliver intelligence-led penetration testing and red teaming.
JUMPSEC
Full-service London-based cybersecurity consultancy with CREST, CHECK, and NCSC accreditations delivering offensive testing, managed detection, and strategic advisory services.
Mandiant
World-renowned cybersecurity firm now part of Google Cloud, delivering threat intelligence-led penetration testing and red teaming informed by front-line incident response experience.
MDSec
Elite UK offensive security consultancy specialising in CBEST/STAR/TIBER red teaming, advanced adversary simulation, and CREST-accredited penetration testing for FTSE 100 clients.
NCC Group
Global cybersecurity consultancy with CREST, CHECK, and CBEST accreditation, renowned for deep technical research and comprehensive penetration testing services.
NetSPI
Leading penetration testing firm with the Resolve platform for continuous attack surface management, trusted by nine of the top ten US banks.
Nettitude
CREST, CHECK, and CBEST accredited UK consultancy within Lloyd's Register, delivering premium penetration testing for government and critical infrastructure.
Offensive Security
Creators of OSCP, Kali Linux, and Exploit-DB, offering elite penetration testing services from the team that trains the world's ethical hackers.
Praetorian
Offensive security firm founded by former DoD professionals, offering elite penetration testing and the Chariot continuous attack surface management platform.
PwC Cyber Security
Global Big Four professional services firm delivering CREST, CHECK, and CBEST-accredited penetration testing and red teaming services from London, serving the UK's largest enterprises and regulated organisations.
SECFORCE
Leading UK offensive security consultancy based in Canary Wharf, delivering CREST-accredited penetration testing and adversary simulation to organisations with the most demanding security requirements.
Secureworks
Dell Technologies-backed cybersecurity firm with elite Counter Threat Unit intelligence informing enterprise penetration testing and adversary simulation.
SpecterOps
Adversary-focused security firm created by former DoD red team operators. Creators of BloodHound. CREST-accredited for penetration testing, red teaming, and purple team assessments.
Assumed Breach Testing FAQs
How is assumed breach testing different from internal pen testing?+
Internal pen testing starts with network access and tries to find vulnerabilities from scratch. Assumed breach starts with a simulated compromised endpoint or credentials, focusing specifically on post-compromise activities and detection testing.
What starting points are typical?+
Common starting points include a compromised user workstation, stolen VPN credentials, a phished employee account, or access from a specific network segment. The starting point is chosen to simulate realistic breach scenarios.
Who should consider assumed breach testing?+
Organisations with mature security programmes, EDR solutions, SIEM/SOC capabilities, and network segmentation who want to validate that their internal defences work as expected against a determined attacker.