Quality Results, Performance, and Consultants

The primary goal of a network penetration test is to determine if an attacker can gain access to sensitive data or systems through the target network.  This type of test involves evaluating the attack surface for potential vulnerabilities and, where applicable, leveraging those vulnerabilities to gain control of systems or access to data.  Network Penetration Tests are commonly used for internal and regulatory compliance.


External Vs. Internal

First, it can be an external test, internal test, or a combination of both.  An external test is from the perspective of an outsider examining the external network ranges of the target organization.  An internal test is from the perspective of an intruder who has gained some level of access to the internal network.

Network Penetration Test Variations

A normal (vanilla) network penetration test may include external ranges, internal ranges, or both.  External testing is performed as an attacker on the Internet, while the internal often performed from a compromised user perspective. 


In addition to a vanilla network penetration test, below are several common variations that you may need to meet your objectives:


business documents on office table with smart phone and laptop computer and graph financial with social network diagram and three colleagues discussing data in the background

Assumed Compromise

This is the most common form of an internal penetration test and also the most efficient at evaluating the risk to an organization. The penetration testing team begins this test with at least two sets of test user credentials that are modeled off regular users. These are used to evaluate the potential risk if a user were to get malware, such as if they fell for a phishing attack.
Get a Quote
Hand using phone with cloud computing and online storage concept

Rogue Device Presence

This test is from the perspective of an attacker getting a device onto the target internal network, but without a valid user account. It provides less value than an Assumed Compromised test but can help determine the risk when, for example, an employee connects a compromised personal computer to the corporate network. An Assumed Compromised test typically includes Rogue Device Presence testing.
Get a Quote
business documents on office table with smart phone and digital tablet and stylus and two colleagues discussing data in the background

Control Testing

This type of test is often categorized as purple-teaming.  It is a collaborative test between the attack team (i.e. the red team) and the security operations team (i.e. the blue team), and it typically targets specific security controls. The purpose of this type of test is to determine if certain controls are configured and performing correctly.
Get a Quote
Security concept Lock on digital screen, illustration

Red Team Exercise

A red team exercise is a longer-term adversarial engagement that is considered the no-holds bared of penetration testing. Physical access and social engineering attacks are in scope, and stealth is often a key factor to success.  This type operation serves to closely simulate a determined attacker attempting to gain access and exfiltrate key data.
Get a Quote

Network Segmentation Test

A network segmentation test is often incorporated with an internal gray box penetration test when one or more sensitive networks are under review. This is a common requirement for assessing the cardholder data environment (CDE) to comply with PCI DSS, but it may be valuable for assessing any network hosting sensitive data.
Get a Quote


Penetration testing is scoped by overall effort, which is time-boxed.  In combined internal + external penetration tests, the scoping is done separately, but the reporting effort is combined, thus saving the client some of the cost over scoping the exercises separately.

For internal network penetration tests, we will deploy a Secure Ideas Attack Machine (SIAM) as the internal presence.  The SIAM is either a physical device or virtual machine that uses a VPN connection back to Secure Ideas so that our testers can remotely access the target network.

Size Scope Price
Small Up to 100 live hosts or 3 class C networks $13,000
Medium Up to 500 live hosts or one class B network $20,800
Large Up to 5000 live hosts or more than 100 class B networks $33,800
Enterprise More than 5000 live hosts or more than 100 class B networks $65,000

For external network penetration tests our consultants will approach the external attack surface with ranges or hosts you provide.  Alternatively, we can also incorporate an extended reconnaissance exercise to identify targets.

Size Scope Price-range
Small Up to 10 live hosts $7,800
Medium Up to 100 live hosts $13,000
Large Up to 500 live hosts $20,800
Extra Large Up to 1000 live hosts $33,800
Enterprise More than 1000 live hosts Contact Us
Extra Recon 1-3 days of additional reconnaisance $2,600 - $7,800
Other Variations

We will scope any network penetration testing engagement in terms of overall effort.  To help you with planning, we have included typical price ranges for common test variations below.  If you don't see what you need, just ask!

Variation Scope Price-range
Control Testing Varies by number of controls/exercises $5,200 - $23,400 ea
Red Team Exercise Custom $33,800+
Segmentation Testing 1-3 target segments $5,200
Assumed Compromise Varies depending on requirements Contact Us
Rogue Device Presence Varies depending on requirements Contact Us

The Process

Have more questions about Network Penetration Testing?