
Penetration Testing

Identify exploitable vulnerabilities and verify that your infrastructure is resilient against the most advanced network level attacks.

What is Network Penetration Testing?

Penetration testing, or pen-testing, is a security evaluation of an IT infrastructure performed by safely trying to exploit vulnerabilities. These vulnerabilities may exist in operating systems, services and applications, or arise from improper configurations or risky end-user behavior. Such assessments are also useful in validating the efficacy of defensive mechanisms, as well as end-user adherence to security policies.

Penetration tests are typically performed using manual or automated technologies to systematically compromise servers, endpoints, web applications, wireless networks, network devices, mobile devices and other potential points of exposure. Once vulnerabilities have been successfully exploited on a particular system, testers may attempt to use the compromised system to launch subsequent exploits at other internal resources – specifically by trying to incrementally achieve higher levels of security clearance and deeper access to electronic assets and information via privilege escalation.

Information about any security vulnerabilities successfully exploited through penetration testing is presented to IT and network system managers to help those professionals reach strategic conclusions and prioritize related remediation efforts.

How You Can Benefit From Network Penetration Testing

Intelligently Manage Vulnerabilities
Pen-tests provide detailed information on actual, exploitable security threats. By performing a penetration test, you can proactively identify which vulnerabilities are more critical, which are less significant and which are false positives. This allows your organization to more intelligently prioritize remediation, apply needed security patches and allocate security resources more effectively to ensure that they are available when and where they are needed most.

Avoid the Cost of Network Downtime
Recovering from a security breach can cost an organization millions of dollars related to IT remediation efforts, customer protection and retention programs, legal activities and more.

Meet Regulatory Requirements and Avoid Fines
Penetration testing helps organizations address the general auditing/compliance aspects of regulations. The detailed reports that pen-tests generate can help organizations avoid significant fines for non-compliance and allow them to demonstrate ongoing due diligence to assessors and auditors by maintaining required security controls.

Preserve Corporate Image and Customer Loyalty
Every single incident of compromised customer data can be costly in terms of both negatively affecting sales and tarnishing an organization’s public image. With customer retention costs higher than ever, no one wants to lose the loyal users that they’ve worked hard to earn, and data breaches are likely to turn off new clients. Penetration testing helps you avoid data incidents that put your organization’s reputation and trustworthiness at stake.

As you can see, performing penetration testing or hiring a pen-tester to test your network is a proactive effort to protect your network and business from risks before attacks or security breaches occur.

Why Perform Network Penetration Tests?

Security breaches and service interruptions are costly.
Security breaches and any related interruptions in the performance of services or applications can result in direct financial losses, threaten organizations’ reputations, erode customer loyalties, attract negative press, and trigger significant fines and penalties.

It is impossible to safeguard all information, all the time.
Traditionally, organizations have sought to prevent breaches by installing and maintaining layers of defensive security mechanisms, including user access controls, cryptography, IPS, IDS and firewalls. However, continued adoption of new technologies, including some of these security systems, has made it even harder to find and eliminate all of an organization’s vulnerabilities and protect against many types of potential security incidents.

Penetration testing identifies and prioritizes security risks.
Pen-testing evaluates an organization’s ability to protect its networks, applications, endpoints and users from external or internal attempts to circumvent its security controls to gain unauthorized or privileged access to protected assets.

How Often You Should Perform Pen-Tests
Penetration testing should be performed on a regular basis to ensure more consistent IT and network security management. A pen-tester will reveal how newly discovered threats or emerging vulnerabilities may potentially be exploited by attackers. In addition to regularly scheduled analysis and assessments required by regulatory mandates, tests should also be run whenever:

  • New network infrastructure or applications are added
  • Significant upgrades or modifications are applied to infrastructure or applications
  • New office locations are established
  • Security patches are applied
  • End user policies are modified
  • The organization grows via mergers and acquisitions
  • PCI Merchants that are not P2PE are required to perform 1x per year
  • PCI Merchant Service Providers are required to perform 2x per year

For more detailed information on WHOA’s Network Penetration Testing Service or any of our managed or professional services please contact us.