Physical Security

What is a Physical Security Assessment?

Physical security assessments examine your company’s susceptibility against an attacker that tries to physically break into your company. This includes perimeter security, building security, access control systems as well as the implementation of security policies.

During such a test, our consultants use the methods of an attacker to attempt to gain unauthorized access to your physical infrastructure. In addition, we attempt to achieve pre-defined objectives that you set, such as

  • Getting access to employee workstations or servers
  • Stealing assets owned by your company (e.g. laptops, hard drives or cars)
  • Getting access to restricted rooms (e.g. server rooms or C-level offices)
  • Planting remote access hardware within your network
What is a Physical Security Assessment?
Physical Security Matters!

The physical security of your internal infrastructure and assets is an often overlooked but critical issue. Are your employees’ workstations properly encrypted? Is your server room locked down? Are your company’s confidential documents and secrets secured from unauthorized access? Are your current intrusion detection systems setup correctly without any blindspots?

Our audit ensures that you can answer all of these questions with a resounding Yes!, no matter what threat model and compliance requirements you have.

Our physical security assessments are characterized by the fact that our expertise in the field of IT security enables us to identify and evaluate not only physical but also potential digital points of attack. This holistic approach enables us to comprehensively identify security gaps and recommend effective protective measures for both physical and digital threats.

Physical Security Matters!

Course of a Physical Security Assessment

  • Initial meeting

    You tell us about your problems in an initial consultation. What questions do you have? What are your biggest risk factors? Whether it’s theft, industrial espionage or even sabotage — we strengthen your security, so you can sleep well.

  • Kickoff

    In a kickoff meeting, we will set the goals for the assessment, define the scope and prepare everything for a smooth and successful assessment.

  • Assessment

    During the assessment, our consultants will evaluate your physical security and attempt to achieve the goals set in the kickoff meeting. This usually involves social engineering techniques such as tailgating combined with exploitation of security vulnerabilities like RFID cloning.

    At all times, you will have a direct line of communication with our consultants in the event of detection.

  • Debriefing & Report

    After the assessment, you will receive a detailed report that includes a storyline of the assessment, our findings, and our impression of your physical security posture and associated risks. In addition, we will conduct a debriefing where we will present the report, our findings, and our overall impression.

Benefits

A physical security assessment is your key to proactive protection. Let us evaluate your perimeter, access controls, and procedures, identifying weaknesses and elevating your security posture. Our comprehensive and detailed report empowers you to make informed decisions and fortify your company. Stop worrying — take control with a physical security assessment today.

All we need is your written permission to begin the assessment. Other preparations, such as notifying local law enforcement of the test and gathering intelligence, will be handled by us.

If a graybox or whitebox approach is used to increase efficiency, you will need to provide us with information about the building, targets, and security measures in place.

Yes, whether at night time or in broad daylight. We can try to break into your building at any time.

Costs are based on our time and effort, as well as the requirements and scope of the assessment. Does the assessment include multiple company sites? How large are these sites? What are the assessment goals? Is a whitebox, graybox, or blackbox assessment desired?

With all these variables, it is difficult to give a precise estimate. We will help you find a reasonable assessment scope that suits you and your budget. Please feel free to contact us for a no-obligation initial meeting where we can discuss how we can help you: [email protected]

We need written approval from a person responsible for the building(s) and IT infrastructure being tested. Typically, this will be the CEO and the head of IT security.

After a physical security assessment, the anomalies found should be prioritized and mitigated. We will assist you in this process to ensure that the assessment has a lasting impact and significantly strengthens your overall security posture.

By default, we only test network access with our remote access hardware. But of course we can test the network and reachable applications. See also red teaming.

This is absolutely no problem. We can take the human factor out of the equation and focus on the security of your building. This often includes testing locks, access control hardware, and perimeter security. As part of a red teaming exercise, where it is important not to set off alarms, such hardware-focused tests are typically conducted at night.

Different companies have different requirements and threat models. As a result, the goals of a physical security assessment can vary widely. Here are some examples:

  • Access to the building
  • Access to employee offices
  • Access to C-level offices
  • Access to server rooms
  • Access to warehouses or hardware storage
  • Access to production lines (espionage / sabotage)
  • Stealing an employee’s laptop / workstation
  • Stealing confidential information
  • Stealing valuable assets (e.g. a car)
  • Implanting remote access hardware in the network

Of course we will help you to assess potential goals and define goals that are relevant for your company.

Within your company, the C-level management as well as the person responsible for your real estate should be informed. Additionally, high ranking IT security officers should be notified if the deployment of remote access hardware or other IT security-related actions are defined goals for the assessment.

We will also inform local law enforcement about the assessment to minimize the risk of potentially dangerous false positive emergency calls.

With a physical security assessment, we examine your physical defenses, uncover weaknesses, and recommend tailored steps to address each issue. Expect a detailed report that outlines risks and priorities so you can make informed decisions and strengthen your overall security.

Yes. If you want, we can conduct training on-site or as an online workshop. Because of the tools and techniques presented, an on-site workshop delivers the best experience.

Feel free to contact us with any questions: [email protected]

Get in touch

Curious? Any more questions? Call us, write a mail or book a meeting with one of our consultants right away!

Newsletter

Would you like to stay up to date? Sign up for our newsletter: