Are one off penetration tests sufficient & suitable in today’s ever changing security landscape?

There is one thing that is very clear to everyone in the information security field and that is that the threat and vulnerability landscape is changing and it is changing at a very fast pace. Not only this, but so is the level of responsibility placed upon business owners and directors to sufficiently protect their business from cyber-attack and maybe more importantly the data they hold on their systems whether placed within the server, desktop or mobile environments.

So it is certainly right for us to look at the nature in which we protect our business and our data – moreover it is important that we look at the way in which we test those safeguards that we have invested a significant amount of time and resource into

The traditional penetration test

It is a time every information security professional dreads – the annual penetration test.

For many years it has been the litmus test to the businesses cyber security policy to keep its business and data safe from hooded criminals that rarely see an hour of daylight per year. However, when you think about it you are pitching one human being’s ability to spot holes, using the latest tools they have to hand, against another human being’s determination to get at your systems and penetrate your defences to whom are developing tools and exploiting sometimes unknown or newly discovered vulnerabilities.

The annual penetration test is a snapshot in time and is almost out of date the moment it is delivered to its audience.

In today’s increasing threat landscape, how often do you need to be testing your defences? — surely the answer has to be every day, every minute – 24×7?!

Automated penetration test

Human against human is no longer going to be enough. With the advent of Artificial Intelligence, the threat landscape is not only fast changing it is unstoppable. Can the traditional penetration test provide enough confidence in the companies cyber security defences? No! it is fast becoming a “tick in the box” exercise.

Todays landscape needs tomorrows technology and having a complete cyber security and business risk map always available and on hand for your key business stakeholders is not only a nice to have, it is essential to protect you against todays cyber underbelly and the criminals that lurk down there.

Up to date, to the minute penetration test results is now a critical part of defending your business and data from a cyber security time bomb of a vulnerability.

No more snapshot in time reporting, no more wondering if you have plugged all of those holes – with machine based 24×7 cyber security automated penetration testing you get up to the minute, real-time reporting on the very latest vulnerabilities and threats.

This can be as simple as understanding how an application patch will behave with other applications and services running within the environment or ensuring that the communication plan includes all stakeholder, including development and support teams so they have an oversight upon potential issues that may occur.

Apart from propriety applications such as Adobe Suite, Microsoft Office and Java, PalisadeSECURE are experienced in patching bespoke or complex applications such as SWIFT, Oracle, Microsoft SQL and Exchange.