Self Assessments and Do-it-Yourself Penetration Testing. Not a great idea.

3rd party penetration testing
We’ve all been to the doctor and had our blood drawn. The tests come back and we hope for the best. We trust that the doctor’s office knows best and can identify issues within our systems. The doctor is the expert, right? Or maybe the lab; either way, you get the point.

It wouldn’t make any sense to draw your own blood, set up a lab in your garage and start running tests to see if you had a disease, just to save a buck. Or maybe a very small percentage of the population might. God bless you crafty geniuses.

When it comes to network security and penetration testing, many tech tinkerers fool themselves into believing that a self-assessment is within their power. How so? There are many tools available to run self-diagnostics on your network computer systems. These scans range from simple to overly complicated. The results can be displayed in all of their glory to the leadership team, and everyone high-fives on the great job they are doing protecting the network. We’ve even seen ads for penetration testing for $800. If your only goal is to check off the penetration box to prove you are in compliance, then that $800 test is probably a good option for you, but not a great option if you are serious about network security and want the job done right.

The real deal? Your internal IT team, your managed tech support, those automated pen-testing tools, the $800 quickie and self-assessments don’t cut it.

If you decide to go with a lightweight penetration test with a narrow scope, you might be compromised down the road. A quality penetration test will expose vulnerabilities that only a skilled hacker can find. A real penetration test is a common tool that smart companies deploy on a regular basis to ensure that everything is locked down. If your company installs a firewall or new equipment, it’s also important that you use a skilled 3rd party penetration testing team, not the company that installed your equipment.

  • Find Experts, not software. The team you contract needs to have the right experience, skill-set and tools to do the job right. Penetration testing can be risky if not controlled, and network vulnerabilities will be found. The team you hire needs to have the experience not only to hack into your systems, but also to provide the remediation and mitigation steps that follow.
  • What’s the Scope? Your penetration experts should help you understand and determine the scope of your project. The information gathering stage will help identify if the scope is narrow or broad. You can limit the scope to the specific areas you want the penetration testing team to focus on, and mark certain resources off limits. A controlled penetration test should only move forward in stages, with communication before each stage proceeds. A good balance of broad and narrow is important, and the penetration testing scope should be discussed and planned. If the scope is too broad the time may exceed limits, but if it is too narrow the penetration test may not simulate real-world breach attempts.
  • What is a Red Team? A good method for companies to follow when planning Red Team assessments is to identify the weakest areas, or the “low-hanging fruit”, and have these areas tested for vulnerabilities. Scope becomes very important when defining Red Team planning. Typically, your network administrators and employees do not know a red team is in place. A Red Team assessment should evaluate various areas of security controls in a multi-layered approach. Each security control should define how the system is exposed. The Red Team will test policy compliance of the security controls at each layer, and each control is tested in a manner specific to the area of security to which it applies. Social engineering, phishing, password cracking and IoT device intrusion are some of the methods used, and there are many more resources on the web to learn more about red team vs blue team assessments, proper procedures and at what stage to deploy these methods.

So in summary, a penetration test, or pen-test, is an authorized simulated attack on a computer network that identifies any security weaknesses, potentially gaining access to the system’s features and data. The non-stress, no-damage test (if done correctly) penetrates the layered security flaws of your business infrastructure by exploiting and identifying vulnerabilities. The vulnerabilities potentially exist in your network, operating systems, services and software applications. A penetration test will identify if your network and security equipment can be compromised, as well as if your end-users are in compliance with your company security policies.

According to a report by Hewlett Packard and the U.S.-based Ponemon Institute of Cyber Crime, hacking attacks cost the average American firm $15.4 million per year, double the global average of $7.7 million.

Redbot Technologies penetration tests are performed by the world’s top ranked pen-testing team, having worked on penetration testing projects for Fortune 100 companies to SMBs. This critical service we offer is more than just an automated scan. The penetration test is performed manually and thoroughly evaluated by our team of experts, providing a true “ethical hacking” of your systems. Redbot will provide testing service from both an internal and external posture as well as incorporate social engineering aspects into the penetration tests as required.

During each level of penetration we are in communication with you, and will dive deeper only upon your request to escalate penetration.

When your network vulnerabilities are successfully exploited, we provide you with the detailed information and remediation plan / strategy, helping your business to make the best strategic choices for improving your ongoing cyber security.

How Often?

Annual Penetration Testing is an absolute must for any organization, small or large.  Don’t let complacency turn you into the next victim of a cyber-attack.  The cost of being attacked will potentially crush your business and destroy your customer relationships, not to mention potentially costing you millions of dollars to get back on track.

Penetration testing should be performed at least yearly, to ensure the safety of your network and customer data.  In addition Redbot should perform pen-testing when:

  • Your company makes any significant upgrades to network infrastructure or applications.
  • Your company expands its business and adds new locations.
  • Your company modifies policies or new regulatory/compliance policies become effective.

Benefits of a Penetration Test

Redbot penetration testing has many benefits: it keeps your network safe by exposing potential vulnerabilities, while saving you money.

  • Be in the know and solve issues before you are hacked.
  • Avoid downtime, loss of revenue, and costs of rebuilding your business after an attack.
  • Meet regulatory and compliance requirements.
  • Maintain customer loyalty.
  • Your business reputation is at stake.

How to get started

To receive a best rate quote and top rated pen-testing solutions, delivered by the world’s top ranked pen-testing team, please contact us at 303.566.0373 or schedule a free consultation.

About Redbot Technologies

At the core, Redbot Technologies identifies and remediates threats, risks and vulnerabilities, helping our customers easily deploy and manage leading-edge technology that protects and defends data, networks and customer information. Customers can quickly gain insight into potential threats, and with Redbot Solutions-as-a-Service they are able to improve their security posture, remain in compliance and grow their business with confidence.

Redbot Technologies provides fully managed network and data protection, offering multi-tiered security assessments ranging from instant vulnerability checks to highly effective penetration testing. Our assessments are designed with a customer-first approach and can be deployed across SMB to Enterprise. Redbot currently operates two Network Operation Centers (NOCs), a Security Operation Center (SOC) and multiple Data Centers supporting customers nationwide.

Not only do our solutions help the smaller to mid-sized business, our solutions help enterprise mitigate risk by first providing accurate cyber risk information that simplifies the current legacy process and removes inaccurate 3rd party risk self-assessments. Secondly, we are able to help validate and remediate connected vulnerabilities, strengthening the overall security posture of the Enterprise network.

Redbot Technologies
1312 17th Street Suite 523
Denver CO 80202
https://redbotsecurity.com
T. 303.566.0373

2018-05-06T18:35:39+00:00 | April 29th, 2018 | Cyber Security Insight, News and Developments
