Why get a Penetration test today?

AUSTIN, Texas - June 19, 2014 - PRLog -- Why get a Penetration test today?

Penetration tests are a key component in the never ending battle of cyber security. Most IT professionals are plagued with day to day operations and keeping their environment up and optimal. Let’s face it – in most companies security is an overhead cost that usually makes everyday operations less efficient. Security has a tendency to get lost in the fray or is often deemed an unnecessary expense. With today’s environment and cyber attacks higher than we have ever seen, a Penetration Test, also known as a Pen Test (http://spohnsolutions.com/pen-test/), is a critical step in a comprehensive security plan determining where to apply the resources slated for security.

A few years ago most small businesses never had to worry about being targeted. Today many sources cite that small to medium size businesses will end up closing their doors if faced with a breach. The average cost of a breach is $277.00 per record (the 2013 Symantec report.)  Most companies of any size cannot afford such cost. But what better target than the smaller company who only has a few people handling all of their IT?

The biggest and scariest question of all…Who is responsible when the breach happens – because unfortunately, it will.

So what’s the best way to assess the state of your current security defenses? Our clients find that a Pen Test is that critical first step, setting a road map based on your specific organizational business needs and external security surface area. Pen Test companies and professionals come with wide variations in both tools and skill sets used to perform the assessment. So, even if you are having a routine Penetration test performed, periodic rotation of vendors is critical. This provides a fresh perspective on your outside environment or external surface area – this is especially true if the same vendor provides the remediation services.

Let’s step back and define a Penetration test. A penetration test is a comprehensive look at your external environment – external security surface area - essentially an external information technology audit (http://spohnsolutions.com/it-security-assessments/externa...). What can others see from the outside? Even if you don’t know, others do…look at your firewall logs to see how many times a day your network is scanned. The first thing a hacker, like any predator, is going to do is probe and observe your network to determine, catalog and categorize weaknesses or vulnerabilities. The hacker will use this same list to determine if you are worth the trouble of attacking. Wouldn't it be nice for you to have this same information prior to being recognized as a potential victim?

You can get this information through a basic vulnerability assessment where you get an audit of any and all threats with recommended remediation for each incident. You can go a step further and get a full Penetration Test consisting of all the steps of a vulnerability assessment then taking the probing to the next level.

We actually test all the vulnerabilities and see where they go, determining real verse false positive, or a medium or low vulnerability that should actually be classified as critical because it is sensitive or critical network structure. Many can provide “the list” – many automated tools will run a scan and spit out a report. We provide the expertise and time necessary to evaluate and assess the list with a critical perspective towards compromising the network, integrity or availability of the data.

All information was provided by Steve Davies VP of Consulting at Spohn Consulting. http://www.spohnsolutions.com Mikela Lea mlea@spohnconsulting.com Consultant at Spohn Consulting.