What’s the best way to determine how often penetration testing is needed? Are there certain organizations or industries that should do it more often?

There’s no one best answer. Similar to the questions: “How often should I exercise?”, “How often should I go for a dental cleaning?” and “How often should I change the oil in my car?” there are many variables when it comes to penetration testing.

Some considerations: network complexity, how often systems and applications are changed, third party applications, updates, and the concept of “Least Privilege”, budget, and so on.

What are you trying to accomplish with penetration testing? Is it to satisfy a compliance check box or to meet client or business partner requirements?

business risks.

security risks Today’s hackers, NEVER SLEEP, and the more often you pen test, the more sleep you will get!

As we have seen far too often, the “bad guys” work in teams, and have no time tables-just targets, don’t become a victim.

A client needs to make sure that they are doing the proper testing — “penetration testing” in the purest sense, is rarely enough.

Neither are higher-level “checklist audits”.

Any company, that is relying on “plain vanilla” vulnerability scans is a path to facilitate a breach-a soft target.

By focusing on performing “security assessments” that look at the company’s exposure, threat landscape, the threat surface, end points,  and potential attack surface(S), are far better served, than limiting your tests to whatever someone is asking you to do-be proactive, again, don’t be a victim-is the mantra.

To a hacker, with very bad intentions to do harm, all systems and applications are fair game for attack.

More important question than how often you should test, is the need for your business to ensure that it’s performing its security tests effectively and consistently.

The cost is minimal compared to the damage that hackers can inflict.

How to defend the network against APT attacks?

The threat landscape has changed irrevocably.

The primary foe of security professionals is no longer an asocial teenager basking in the glow of a monitor looking for an easy target, but rather the highly skilled technologists who are deliberately seeking treasure troves of sensitive information.

These attacks are representative of what security professionals face today.

Aptly named advanced persistent threats, APT is a “fuzzy” and even controversial term that refers to a style of attack rather than any specific technique.

Targeted APT attacks are waged in a one-to-one fashion by professional hackers using advanced skills.

What is Sandboxing technology?

The primary technique employed by a variety of advanced malware-detection products.

Potential malware threat is identified using various techniques.

Network traffic analysis is used to discover potential threats on the network.

Patterns of behavior are analyzed, and suspicious files are sent to the “sandbox”.

The file is then examined in an environment of virtual machines that analyze behavior in a suite of different operating systems and software versions.

All changes made by the file are recorded, and a report is presented which shows all areas of the operating system and software that were changed.

Based on this report, the file can be flagged as malware.

How to defend network against APT attacks?

First and foremost, take stock of the controls that already exist on the network and ensure they are both effective and well-managed.

Most enterprises already have a mixture of firewalls, intrusion detection and prevention systems (IDS/IPS), antimalware packages and other controls.

Are they audited regularly?

Do they have current signatures?

Are they consistently deployed?

Check the basics before even considering adding additional layers of defense.