CREST Accredited IT Health Check (ITHC)
Protect.
CREST Accredited IT Health Check (ITHC)
In today’s rapidly evolving cyber threat landscape, organisations face increasingly sophisticated attacks that can compromise sensitive data and disrupt operations.
CyberLab’s IT Health Check (ITHC) services proactively address these risks by identifying and mitigating vulnerabilities before they can be exploited. By conducting thorough assessments of your IT infrastructure, we help ensure your systems are resilient against emerging threats, thereby safeguarding your organisation’s assets and reputation.
Regular ITHCs not only enhance your security posture but also ensure compliance with industry standards and regulatory requirements, providing peace of mind in an ever-changing digital environment.
Why an IT Health Check?
An ITHC is a comprehensive security assessment aimed at identifying vulnerabilities within an organisation’s IT infrastructure.
The service is essential for ensuring systems are resilient to evolving cyber threats, supporting the continued strengthening of the UK’s cyber defences, particularly for public and government sector organisations.
As a CREST & CHECK-accredited service provider, CyberLab offers IT Health Check (ITHC) services in alignment with the National Cyber Security Centre’s (NCSC) high standards.
Enhanced Security Posture
Proactively identifies and mitigates vulnerabilities to strengthen your defences against evolving cyber threats.
Operational Resilience
Protects critical systems and minimises potential downtime by addressing risks before they can disrupt operations.
Regulatory Compliance
Ensures adherence to NCSC, CHECK, and other regulatory requirements, reducing the risk of non-compliance penalties.
Trusted Assurance
Provides confidence to stakeholders by demonstrating a commitment to robust security practices and safeguarding sensitive data.
IT Health Check: The CyberLab Approach
Discover how CyberLab’s meticulous IT Health Check process delivers a comprehensive evaluation of your organisation’s security posture. From initial scoping to detailed reporting, our tailored approach ensures vulnerabilities are identified and addressed, helping you stay ahead of cyber threats and maintain compliance with industry standards.
One of our CREST, CHECK, and Cyber Scheme certified consultants will work with you to define the scope of the engagement and ensure that our tests will fulfil your requirements.
Assessing internet-facing systems such as email servers, web servers, firewalls, and remote access solutions like Virtual Private Networks (VPNs).
Examining internal networks, including desktop and server configurations, patch management, remote access setups, and wireless networks.
Comprehensive scanning of endpoints, servers, and applications to identify security gaps.
“Having used CyberLab before in a previous Head of IT role, I had no hesitation in engaging them again to assist us with our security needs. Simply, I wouldn’t use them if they didn’t consistently deliver value.”
– Head of IT, NHS Trust
Why Choose CyberLab?
Thousands of organisations across the UK trust us, here’s why…
CREST & CHECK Accredited
We are certified for both CREST and CHECK Green Light testing - an achievement not all testing companies can claim.
CREST Infrastructure & Application Testing
We are certified in both CREST Infrastructure and Application testing, ensuring comprehensive security coverage for all your systems.
Experienced & Senior Consultants
Our team consists of highly experienced, senior consultants and penetration testers with over 15 years of industry expertise.
Outstanding Communication
We establish dedicated teams or Slack channels to ensure seamless two-way communication between project managers, testers, and your team throughout the entire project.
Clear and Concise Reports
We provide easy-to-understand reports with detailed findings and actionable recommendations.
Specialised Testing Teams
We have specialised teams for Cloud, Application, and API testing. Our app and API testers, who are former developers, communicate fluently with your development team, leveraging their coding expertise to deliver deeper, more effective testing.
We Save You Time and Money
Clients consistently tell us that we deliver higher-quality testing in less time.
Forward-Thinking Security
Our pen testing team goes beyond identifying vulnerabilities, offering proactive solutions to mitigate future risks and ensure your security evolves ahead of emerging threats.
CREST, CHECK & Cyber Scheme Certified
CyberLab is both CREST and CHECK-certified, meaning our team meets the rigorous standards set by the NCSC and other leading industry bodies. CREST (the Council of Registered Ethical Security Testers) is an international accreditation with strict codes of conduct and ethics. CHECK is the Government-backed accreditation from the NCSC, certifying that a company can conduct authorised penetration tests on public sector systems and networks.
All our penetration testers are certified by CREST, with senior consultants certified to the highest CCT Level. Additionally, our testers are either CHECK Team Leaders (CTLs) or Team Members (CTMs). Security testers passing the Cyber Scheme exams demonstrate “competence and skill at the highest levels,” as defined by NCSC.
With decades of combined experience, our team takes pride in operating at the industry’s highest level – conducting a broad range of government and commercial tests while always going the extra mile to ensure comprehensive results.
The Role of Penetration Testing in IT Health Checks
Penetration testing, or pen testing, is an essential element of an IT Health Check, simulating real-world attacks to uncover vulnerabilities across your organisation’s systems, networks, and applications. By identifying and addressing weaknesses, this proactive measure helps fortify your defences and reduces the risk of cyber threats compromising your critical assets.
Here’s the process…
One of our CREST, CHECK, and Cyber Scheme certified consultants will work with you to define the scope of the engagement and ensure that our tests will fulfil your requirements.
Your assigned consultant will gather information on your organisation, including:
- IP addresses of websites and MX records
- Details of e-mail addresses
- Social networks
- People search
- Job search websites
This information will assist in identifying and exploiting any vulnerabilities or weaknesses.
Within the Threat Analysis stage we will identify a range of potential vulnerabilities within your target systems, which will typically involve a specialist engineer examining:
- Attack avenues, vectors, and threat agents
- Results from Research, Reconnaissance and Enumeration
- Technical system/network/application vulnerabilities
We will leverage automated tools and manual testing techniques at this stage.
Once we have identified vulnerabilities, we will attempt to exploit them in order to gain entry to the targeted system.
There are three phases to this stage:
Exploit – use vulnerabilities to gain access to a system, e.g. inject commands into an application that provide control over the target.
Escalate – attempt to use the exploited control over the target to increase access or escalate privileges to obtain further rights to the system, such as admin privileges.
Advance – attempt to move from the target system across the infrastructure to find other vulnerable systems (lateral movement) potentially using escalated privileges from target systems and attempting to gain further escalated privileges and access to the network.
Your Penetration Test Report will detail any identified threats or vulnerabilities, as well as our recommended remedial actions. Threats and vulnerabilities will be ranked in order of importance.
The report will also contain an executive summary and attack narrative which will explain the technical risks in business terms. Where required, we can arrange for your CyberLab engineer to present the report to the key stakeholders within your organisation.
The report will provide information on remedial actions required to reduce the threats and vulnerabilities that have been identified.
At this stage, we can provide you with the additional consultancy, products, and services to further improve your security posture.
Penetration Testing Success Story
COP26
Identity Events Management, the agency contracted to deliver the 2021 United Nations Climate Change Conference (COP26), needed to ensure that their defences were secure for the conference.
‘We were delighted to be involved in the security testing surrounding the United Nations Climate Change Conference, and to work alongside Identity as they delivered hybrid event solution. At CyberLab, working securely from anywhere is ingrained in our company, and this event really encapsulated this new way of working and accessing events.’
– Gavin Wood, CEO, CyberLab
IT Health Check: FAQ's
Conducting an ITHC helps ensure that your external systems are protected from unauthorized access or changes, and that internal systems are free from significant weaknesses. This proactive approach aids in preventing security breaches and maintaining the integrity of your IT environment.
It’s recommended to conduct an ITHC annually or whenever significant changes are made to your IT systems. Regular assessments help maintain a robust security posture and ensure compliance with evolving security standards.
An ITHC generally includes external testing of internet-facing services, internal testing of networks and devices, and vulnerability scanning across the entire IT estate. This thorough evaluation identifies potential security gaps that need to be addressed.
ITHCs should be conducted by accredited providers. CyberLab is both CREST and CHECK certified, meaning we meet the rigorous standards set by the National Cyber Security Centre (NCSC) and other leading industry bodies to perform these assessments.
Upon completion, you’ll receive a detailed report highlighting identified vulnerabilities, categorized by severity, along with recommendations for remedial actions. This report serves as a critical tool for enhancing your organization’s security measures.
Yes, for many government computer systems in the UK, an ITHC is required as part of the accreditation process to ensure compliance with security standards.
As a CREST and CHECK certified company, CyberLab offers professional IT Health Check services aligned with NCSC standards. Our team conducts thorough assessments to identify vulnerabilities and provides actionable recommendations to enhance your cybersecurity posture.
Red Teaming vs Penetration Testing
| Red Team |
|---|
| We test systems simultaniously |
| We work to fluid, adaptable targets |
| Longer testing schedule |
| We don't tell your people what we're doing |
| Our testers will be creative and use any means necessary |
| Pen Test |
|---|
| We test systems independently |
| We define our targets before we start |
| Short term tests |
| Your people know what we're testing and when |
| Our testers use a suite of commercially available testing tools |
Speak With an Expert
Enter your details and one of our specialists will be in touch.
Whether you’re looking to implement basic cyber security best practice, improve your existing defences, or introduce a new system or solution, our team of expert consultants, engineers, and ethical hackers are here to help.
Our team specialise in creating bespoke security solutions and testing packages to improve and maintain your security posture.
We are 100% vendor agnostic and will only ever recommend the best products and solutions for your requirements.
If you like this, then take a look at…
Types of Penetration Test - What is the Difference?
12 Common Vulnerabilities Found During Penetration Testing
CyberLab Simulate Attack in front of Cyber Crime Police
