There’s no one best answer. As with the questions “How often should I exercise?”, “How often should I go for a dental cleaning?” and “How often should I change the oil in my car?”, there are many variables when it comes to penetration testing.
Some considerations: network complexity, how often systems and applications are changed, third-party applications, updates, the concept of “Least Privilege”, budget, and so on.
Today’s hackers NEVER SLEEP, and the more often you pen test, the more sleep you will get!
As we have seen far too often, the “bad guys” work in teams and have no timetables, just targets. Don’t become a victim.
A client needs to make sure that they are doing the proper testing; “penetration testing” in the purest sense is rarely enough.
Neither are higher-level “checklist audits”.
Any company that relies on “plain vanilla” vulnerability scans is on a path to a breach and is a soft target.
By focusing on performing “security assessments” that look at the company’s exposure, threat landscape, threat surface, endpoints, and potential attack surface(s), you are far better served than by limiting your tests to whatever someone is asking you to do. Be proactive; again, “don’t be a victim” is the mantra.
To a hacker with very bad intentions to do harm, all systems and applications are fair game for attack.
More important than how often you should test is the need for your business to ensure that it’s performing its security tests effectively and consistently.
The cost is minimal compared to the damage that hackers can inflict.
The threat landscape has changed irrevocably.
The primary foe of security professionals is no longer an asocial teenager basking in the glow of a monitor looking for an easy target, but rather the highly skilled technologists who are deliberately seeking treasure troves of sensitive information.
These attacks are representative of what security professionals face today.
Aptly named advanced persistent threats, APT is a “fuzzy” and even controversial term that refers to a style of attack rather than any specific technique.
Targeted APT attacks are waged in a one-to-one fashion by professional hackers using advanced skills.
The primary technique employed by a variety of advanced malware-detection products.
Potential malware threats are identified using various techniques.
Network traffic analysis is used to discover potential threats on the network.
Patterns of behavior are analyzed, and suspicious files are sent to the “sandbox”.
The file is then examined in an environment of virtual machines that analyze behavior in a suite of different operating systems and software versions.
All changes made by the file are recorded, and a report is presented which shows all areas of the operating system and software that were changed.
Based on this report, the file can be flagged as malware.
First and foremost, take stock of the controls that already exist on the network and ensure they are both effective and well-managed.
Most enterprises already have a mixture of firewalls, intrusion detection and prevention systems (IDS/IPS), antimalware packages and other controls.
Are they audited regularly?
Do they have current signatures?
Are they consistently deployed?
Check the basics before even considering adding additional layers of defense.
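One way to turn the three questions above into a repeatable check, as an added example that is not part of the original article. The inventory records, role baseline, field names and the 90-day and 7-day thresholds are all assumptions made for illustration.

```python
from datetime import date, timedelta

# Assumed policy thresholds; tune to your own audit and update cadence.
MAX_AUDIT_AGE = timedelta(days=90)
MAX_SIGNATURE_AGE = timedelta(days=7)
# Assumed baseline: which controls each role of host must run.
REQUIRED = {"workstation": {"antimalware"}, "gateway": {"firewall", "ids"}}

# Constructed sample inventory (hypothetical hosts, not real data).
# Each control maps to (last_audit, signature_date); signature_date is None
# for controls that do not use signatures.
INVENTORY = [
    {"host": "gw-01", "role": "gateway", "controls": {
        "firewall": (date(2024, 5, 20), None),
        "ids": (date(2023, 11, 2), date(2024, 5, 30))}},
    {"host": "ws-014", "role": "workstation", "controls": {
        "antimalware": (date(2024, 4, 1), date(2024, 3, 1))}},
    {"host": "ws-015", "role": "workstation", "controls": {
        "antimalware": (date(2024, 4, 1), date(2024, 5, 31))}},
    {"host": "ws-016", "role": "workstation", "controls": {}},
]


def audit_controls(inventory, today):
    """Return (host, control, issue) findings for the three questions."""
    findings = []
    for asset in inventory:
        host, controls = asset["host"], asset["controls"]
        # Are they consistently deployed? Compare against the role baseline.
        required = REQUIRED.get(asset["role"], set())
        for missing in sorted(required - set(controls)):
            findings.append((host, missing, "not deployed"))
        for name, (last_audit, sig_date) in sorted(controls.items()):
            # Are they audited regularly?
            if last_audit is None or today - last_audit > MAX_AUDIT_AGE:
                findings.append((host, name, "audit overdue"))
            # Do they have current signatures?
            if sig_date is not None and today - sig_date > MAX_SIGNATURE_AGE:
                findings.append((host, name, "signatures stale"))
    return findings


if __name__ == "__main__":
    for host, control, issue in audit_controls(INVENTORY, date(2024, 6, 1)):
        print(f"{host:8} {control:12} {issue}")
```
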
One common approach is the incorporation of security big data analytics to aid the discovery of malicious activity hidden deep in the masses of an organization’s network traffic.
Big data is defined as any type of data, structured and unstructured, that can provide insight into network activity.