A penetration test is a deep-dive investigation that returns valuable information when other criteria about your network is already satisfied. Performing a penetration test without good APV management (Asset Management, Patch Management, and Vulnerability Management) has the potential to be a huge waste of time and money (and this is coming from a person who makes his living on running pen tests).
My CPR recertification course recently reminded me of exactly why many clients don’t actually need a penetration test. Consider: When a first responder begins to assist an unconscious person, we’re taught to check their ABCs… Airway, Breathing and Circulation. The protocol is to check and address each before moving to the next.
Network security has a remarkably similar baseline check process. Like the steps a first responder takes to recognize and treat issues in an unconscious patient, the acronym APV encompasses are the first steps towards establishing “living and breathing” security for your network:
- Asset Management
- Patch Management
- Vulnerability Management
If we take this analogy a little further, a penetration test would be like performing an MRI. Would you run an MRI on a patient before checking to see if their airways are open, breathing is regular, and blood is circulating?
That’s why we always advise proper APV management before performing a network penetration test.
Want to find out more about penetration testing and how to know if you’re ready for a true penetration test? Download our free Best Practices PDF: Am I Ready for a Network Penetration Test?