Penetration testing: How you can manage it the easy way

20 Feb 2017

Why should I get a penetration test?

The simple answer is to provide assurance that your IT infrastructure (websites, remote access, mobile devices, internal systems, client data) isn’t vulnerable or can’t be easily attacked or exploited.

Penetration testing is like crash testing in the automotive industry, and it should be carried out by an independent body. You wouldn’t trust a car maker to say that “everything is fine and this has passed our tests with flying colours.”

When should I get a penetration test?

Regular testing (at least yearly) provides a very good insight into your IT systems and overall IT processes (patching, documentation, outsourced provider capabilities) from an IT security perspective.

What will it cost?

Typically most engagements (website review, internal systems review, privacy or outsourced provider reviews) can be done in under a week (onsite). Budgets are typically around the $8 to $10k range.

What will I receive?

A comprehensive written report which outlines (in business language) what testing was undertaken and what the results mean. This will include comments around what risks or reputational losses could be caused by any of the vulnerabilities identified.

A good security company would follow this up with an onsite client meeting so that the business understands clearly what is contained within the report. 

Technical audiences will appreciate that we include screenshots and full reproduction techniques in our reports, which allow for confirmation and easy remediation (retesting) of any issues identified.

What happens if I do nothing?

Security testing is like insurance: you might get away without it for a small period of time; however, sooner or later the hackers and automated Internet scanners will find your weak links.

These may be exploited and cause reputational and financial losses to your business. Worst case is you will be in the newspaper or online media having to defend why you did nothing.

Keen to find out more? Lateral IT Security can help you with your penetration testing. 
