8 Reasons You Need A Security Penetration Test - InformationWeek
7/6/2016
07:06 AM

8 Reasons You Need A Security Penetration Test

One of the biggest challenges in IT security is determining whether the tools and configurations you have in place are giving your organization the level of security you require. Here's how penetration testing can help.

(Image: roshi11/iStockphoto)


The IT security landscape is a complex maze of technologies, architectures, and policies that can be incredibly difficult to navigate. A defense-in-depth strategy consists of any number of security tools working in conjunction to form an overall security posture. One of the biggest challenges is determining whether the tools and configurations you have in place are giving your organization the level of security you require. A penetration test, or "pen test," is one way to accomplish this.

The Pentagon recently brought in white hat hackers through a bounty penetration testing program to help it identify more than 100 security vulnerabilities in its systems. Individuals who could find security problems on Pentagon systems could be awarded up to $15,000 each. Approximately 1,400 hackers participated. It might sound like a lot, but considering the amount of damage security breaches cause these days, it's peanuts compared to letting black hat hackers breach your organization.

Part of a solid data security strategy is understanding what your weaknesses are -- and dedicating the right tools and resources to properly shore up any vulnerabilities. It's an endless game of cat and mouse that requires a unique look from the outside in. This is why penetration tests are so valuable.


Instead of implementing a bug bounty pen test program, most companies opt to hire an external firm well-versed in data security to perform penetration tests. These tests can focus on one specific part of an infrastructure, a specific application, or the network as a whole. Focused penetration tests are valuable when implementing a brand new application, cloud service, or other new feature. For most organizations, though, a pen test that validates a wide range of security tools and policies is where the real value of the practice is discovered.

It isn't good enough anymore to implement security tools and walk away. Instead, you need to put your tools through the paces of simulated breaches that mimic real-world scenarios. Doing so will help determine the value of each of your security tools, as well as reveal areas of weakness. Finding out where data security needs to be bolstered is incredibly useful for quickly eliminating high-risk areas where breaches can occur.

There are at least eight good reasons why investing in network-wide penetration testing is money well spent. Once you've reviewed these, tell us about your own pen testing strategy. Is this a practice your organization regularly undertakes? Is it something you've tried and decided you didn't need? Do you focus on a single app or service, or do you apply pen testing across a wide range of security tools? We want to hear from you in the comments section below.

Andrew has well over a decade of enterprise networking under his belt through his consulting practice, which specializes in enterprise network architectures and datacenter build-outs and prior experience at organizations such as State Farm Insurance, United Airlines and the ...

Comments
cr1ga,
User Rank: Apprentice
7/7/2016 | 10:57:41 AM
Starting Point
I think the idea of Penetration Testing is something all companies should consider. The problem I have is when an outside company is employed to perform the test; the first thing they ask for is a list of IP addresses and then request opening ports for their testing equipment.

If a company is hired for testing then that company should search for all holes not just the known problems. A hacker doesn't call and ask for assistance.