IT Solutions, Managed Services, Structured Cabling — Telcion


The Value of Penetration Testing 


With the recent Log4j vulnerability, many of your applications are no longer safe and need to be updated. But when you have a couple hundred servers and numerous applications that keep your business running, how can you be sure what’s safe and what isn’t?


We often talk about the need for a multi-layered security approach. One product or solution will not fix all of your security needs. It takes multiple solutions working from different angles to provide you the most protection.  


Recently a client asked if we could provide some penetration testing services (often called pen testing for short). I quickly answered yes, as we’ve provided this service numerous times over the years. We typically use a product from Qualys that allows us to provide pen testing as a service. However, this particular client mentioned a product from Tenable, so I began doing some research to see what kind of offering they had.  


I have to say, I was impressed. I hadn’t looked under the hood at pen testing products in several years, and they have definitely come a long way.

Pen testing has evolved into proactive vulnerability management, constantly scanning in the background and providing reports you can use to get to work remediating what will have the most impact.   


On a regularly scheduled interval (say, weekly), your team can receive reports from a vulnerability management system that has been scanning all of your devices, telling you which devices have the most critical issues. You can then use this list to fix those issues and keep track of what has been completed. Each week you get a new report with a prioritized list based on what will have the most impact for your organization. This is very powerful stuff.


In this case, Tenable can be deployed as either an on-premises managed solution or a cloud-managed solution. They also have separate offerings for pen testing web applications and for pen testing internal devices, external devices, or both.


Half the battle is doing what you can to protect yourself from known vulnerabilities. To do that, you have to know where you’re exposed so you know what specifically to remediate, and that’s what this kind of software does.   


Staying secure is an investment against a future risk. It’s not cheap, but it’s definitely worth it.  You don’t want to find yourself compromised because you didn’t take the necessary precautions in the first place.   


This post was contributed by Lance Reid, our CEO. Lance has worked in the technology industry for over 25 years. He became a Cisco Certified Internetworking Expert (CCIE) in Collaboration in 2005 and has been serving on Cisco's SMB Advisory Board since 2013.

