A complete security program involves many different facets working together to defend against digital threats. To create such a program, many organizations spend much of their resources on building up their defenses by investing in their security configuration management (SCM), file integrity monitoring (FIM), vulnerability management (VM) and log management capabilities. These investments make sense, as the resources listed above can all help protect the organization.
That’s the hope, anyway. In reality, there’s more to building a security program than just buying new security capabilities. Indeed, while it is critical to build up your defenses against today’s advanced attacks, it is impossible to measure these tools’ effectiveness without exercising them. It is akin to building an elaborate disaster recovery site to keep your business running in the event of a significant outage but never testing whether it will actually work when it’s needed.
Testing one’s defenses is paramount to understanding one’s weaknesses and making strategic and tactical adjustments to strengthen those areas of weakness. Budgets are tight, after all. This makes directing funding and resources to areas that will see the most benefit all the more important.
So which testing method should organizations choose?
Penetration Testing as a Viable Answer
Organizations can’t go wrong with implementing a regular penetration testing program and cadence. Doing so can bring many benefits to the organization. Before we get into those, however, let’s refresh our minds about what’s usually involved in a penetration test.
What is a Penetration Test?
A penetration test (pen test) is a simulated attack against your network, web applications, personnel and/or any other potentially vulnerable medium or system. The purpose of a pen test is to identify exploitable vulnerabilities in your environment so that existing risks and weaknesses can be understood and mitigated.
With this approach, an organization utilizes (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Cory Plummer. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/penetration-testing-security-organization/