What is Network Penetration Testing?
Network penetration testing is a method of evaluating the security of your network infrastructure—computer systems, networks, applications and people—by simulating an attack from malicious outsiders (unauthorized) and/or malicious insiders (authorized) to identify attack vectors, vulnerabilities and control weaknesses. The simulated attack uses a variety of manual techniques supported by automated tools and looks to exploit known vulnerabilities.
Our experienced testers use this approach to identify specific weaknesses in an organization’s security operation. By safely attempting to discover and exploit the vulnerabilities of your network infrastructure from an unauthenticated perspective, we find the “holes” in your system before damage occurs. Because these ethical hacking tests are carried out by skilled professionals, we are able to uncover risks that would be impossible to detect with simple scanning software.
Benefits of Network Penetration Testing
Manage risk—List your vulnerabilities so you can prioritize them and get to work on remediation.
Business continuity—Network vulnerabilities can put your operation on hold if you’re attacked with denial of service or other hacking methods. Preventing these issues means continuity for your business.
Protect clients, partners, and vendors—Prove yourself as a safe and trustworthy business partner by assessing your network security.
Evaluate your security investments—Routine penetration testing can help you measure your ongoing security efforts and find out what is and isn’t working.
How Often Should I Conduct Penetration Testing?
- Every time a new software is introduced
- Budget permitting, test the most critical assets frequently and less sensitive areas less frequently
- To keep up with regulatory compliance: PCI, HIPAA, GLBA, etc.
- When you apply security patches
- After a change to the infrastructure or network
- When you add new office locations
- When you implement a new end-user program or policy
- Some sources recommend level 1 testing about quarterly and level 2 about once a year.
- In short, at least annually.
Do I Need a Penetration Test?
Whether you need to prove regulatory compliance, satisfy a request from your boss, or need to show security maturity to a client or clients, a penetration test is a great mechanism to accomplish your goals.
However, many organizations that approach Pivot Point Security to perform a penetration test are not truly ready yet for that level of testing and would be better served by a comprehensive vulnerability assessment first. The information obtained, effort required, and cost are very different between these two assessments.
If you are unsure about what type of testing is right for your business, feel free to reach out to us for more information: