8 Reasons You Need a Security Penetration Test

...

To help you optimize security as you cope with complexity, InformationWeek is offering you an excl

One of the biggest challenges in IT security is determining whether the tools and configurations you have in place are giving your organization the level of security you require. Here's how penetration testing can help.

The IT security landscape is a complex maze of technologies, architectures and policies which can be incredibly difficult to navigate. A defense-in-depth strategy consists of any number of security tools working in conjunction to form an overall security posture. One of the biggest challenges is determining whether the tools and configurations you have in place are giving your organization the level of security you require. A penetration test, or pen test, is one way to accomplish this.

The Pentagon recently brought in white-hat hackers through a bounty penetration testing program to help it identify more than 100 security vulnerabilities in its systems. Individuals who could find security problems on Pentagon systems could be awarded up to $15,000 each. Approximately 1,400 hackers participated. It might sound like a lot, but considering the amount of damage security breaches cause these days, it's peanuts compared to letting black hat hackers breach your organization.

Part of a solid data security strategy is understanding what your weaknesses are and dedicating the right tools and resources to properly shore up any vulnerabilities. It's an endless game of cat and mouse that requires a unique look from the outside-in. This is why penetration tests are so valuable.

[ DevOps and Agile aren't synonyms. It pays to know the difference. Read Agile Vs. DevOps: 10 Ways They're Different. ]

Instead of implementing a bug bounty pen test program, most companies opt to hire an external firm well-versed in data security to perform penetration tests. These tests can focus on one specific part of an infrastructure, a specific application, or the network as a whole. Focused penetration tests are valuable when implementing a brand new application, cloud service, or other new feature. For most organizations, though, a pen test which validates a wide range of security tools and policies is where the real value of the practice is discovered.

Simply implementing security tools and walking away isn't good enough anymore. Instead, you need to put your tools through the paces of simulated breaches which mimic real-world scenarios. Doing so will help determine the value of each of your security tools, as well as reveal areas of weakness. And finding out where data security needs to be bolstered is incredibly useful for quickly eliminating high-risk areas where breaches can occur.

There are at least eight good reasons why investing in network-wide penetration testing is money well spent. Once you've reviewed these, tell us about your own pen testing strategy. Is this a practice your organization regularly undertakes? Is it something you've tried and decided you didn't need? Do you focus on a single app or service, or do you apply pen testing across a wide range of security tools? We want to hear from you in the comments section below.

Categories
APPLICATIONS
0 Comment

Leave a Reply

Captcha image


RELATED BY

  • 5300c769af79e

    Samsung may name its voice assistant ‘Bixby,’ and debut it on the Galaxy S8

    On Sunday, Samsung announced it would include a new AI assistant with its forthcoming Galaxy S8, and that it would combine conversational language and integration with third-party services to perform tasks, dictate messages, and respond to queries on demand.“The deal showcases Samsung’s commitment to virtual personal assistants,” Injong Rhee, CTO of Samsung’s Mobile Communications business, said in a press release following the acquisition.
  • 5300c769af79e

    Bragi Intros 'The Headphone' Wireless Earbuds, Major Bragi OS Software Update

    The idea behind The Headphone is to provided everyone with an affordable, hassle free wireless earbud experience.Essentially, Bragi is offering The Dash as The Headphone, minus a lot of the added goodies that make The Dash a $200+ product.
  • 5300c769af79e

    Apple WWDC 2016: iOS, Siri Updates Expected

    With the company's iPhone sales and revenue decline, the pressure is on.At the event, we expect to see refreshes to iOS and Siri, and seven other updates.
  • 5300c769af79e

    The Convergence of Security and Compliance eBook

    Download IT security and compliance professionals are under constant pressure to ensure ongoing compliance with industry regulations such as the Payment Card Industry (PCI) Data Security Standard, required for retailers and other merchants, or HIPAA /HITECH, required for healthcare organizations.This eBook defines potential compliance and security gaps, identifies what effect these gaps can have on your organization, and explains how a positive security solution can close these gaps to protect servers and endpoints while ensuring compliance with industry regulations.