How proactive cyber detectives do pen testing

You want your network to be an impenetrable fortress of security, but no defense is perfect – everybody’s got a weak point somewhere. Where’s yours?

That’s where we come in. We penetrate the impenetrable before the bad guys can. The best defense is a good offense in cybersecurity.

What is pen testing?

Penetration testing (commonly known as “pen testing”) involves simulating a cyberattack or breach into a system to identify any glaring weak points in the network’s defense.

Essentially you’re hacking yourself before anyone else hacks you.

These drills are a vital component of a thorough assessment of your cybersecurity, but not all assessments include them (though they should – better methods make for better results).

Pen testing best practices – how the experts do it

Get the lay of the land

The first thing the experts do is scout out your network. This allows them to determine the scope of what they will test.

Penetration tests can vary by purpose and preparation, depending on what type of evaluation you want.  With “black box” tests, the security expert designs the activity knowing almost nothing about your organization, network, software or hardware to better simulate an outside attack. In “white box” tests, you are actively assisting the expert by providing information about your infrastructure to make the testing more accurate and specific.

This evaluation also presents a great opportunity for you to bring up any particular concerns about your network, whether you suspect weaknesses or want to share your specific priorities.

Do the simple stuff first

There are quite a few vulnerabilities that are common enough that they shouldn’t really be the focus of the pen test.

Do your research. Shore up your defenses. If there are well-known gaps in your network, these simple fixes should be performed before the testing begins in earnest. After all, the test isn’t all that valuable to you if you are compromised by something easily avoided.

Conduct a pen test at least annually

Generally speaking, it’s best practice to conduct a pen test whenever anything is changed on the network, but that can be cost- and time-prohibitive.

At the very least, one should be conducted annually or when major network changes occur (e.g., adding a new server or opening a new branch), whichever comes soonest.

The longer you wait between tests, the more likely it is that a security flaw has presented itself and is waiting for someone to exploit it. So it’s best to make them a regular occurrence.

Correct the problem immediately

This goes without saying but also bears mentioning. If a problem is exposed, it should be solved as quickly as possible after testing is complete. Whether you knew a breach was possible from any particular vector isn’t very valuable. Your network is still vulnerable to compromise. Additionally, if you don’t correct any problems discovered from a pen test before the next pen test you’re not learning anything new, which is a waste of time and resources.

Furthermore, future penetration tests should focus on attempting to exploit the same security hole just to ensure that particular weakness is fully resolved. In this way, penetration tests are more valuable the more that you do them – you start to map out your organization’s patterns of weakness and can start to proactively take measures to stay secure.

For deeper reading on the subject: Penetration Testing Guidance from the PCI Security Standards Council

The bottom line

Penetration testing is an essential part of any complete security plan, and an essential part of pen testing is expertise.

If you’re worried about outside threats or even if you feel pretty confident in your network, drop us a line today. We’d like to help you make your network even safer.