Cyber Security News

You Be The Hero. We've Got Your Back!

The Value of Continuous Penetration Testing

From year to year, cyber-attacks represent the fastest-growing threat in terms of mitigation costs, and as a result, annual cyber security budgets continue to increase. Yet companies still don’t know whether they are sufficiently protected, as hackers continue to find vulnerabilities and break into their networks despite sophisticated firewalls and anti-virus systems.

Penetration testing (PT) is the only proven method to accurately test an organization’s security defense perimeter. However, in order to work effectively, PT needs to be done around the clock and globally, which, when done manually, is very costly and places a heavy load on company networks.

Today, every information security professional knows that penetration testing is essential in the process of “hardening an organization”.

Why is Everything Different?

In the past, most organizations had a traditional computing structure that included servers, workstations, and switches, and there was a clear border between the LAN and the WAN.

Today, things have completely changed, for example:

  • Number of servers – the average number of servers used to be approximately 15% of the number of workstations. However, the virtualization revolution created a situation where a Windows data-center license now allows an unlimited number of servers for the same price. For this reason, organizations create more and more virtual machines, which in turn leads to additional vulnerabilities in the system. Any virtual server can have a network configuration, and when this server becomes active, it can enable a critical cyber scenario. For example, it can include a vulnerability that can be exploited to steal information, but as the updates policy does not yet apply to it, the result is a server with multiple network interfaces that are exposed to attack.
  • WAN infrastructure – today, MPLS technology facilitates the flattening of the infrastructure so that an organization’s employees located in globally dispersed branches can easily access all resources. The problem is that it is impossible to completely protect all branches, and this can lead to scenarios where a specific branch is hardened, but an employee in another branch may install equipment or software that allows a hacker to exploit that branch, and then reach your branch from there.
  • Cellular – the BYOD attitude leads to a situation where employees bring their cellular devices to work and connect them to the LAN using WiFi access, which exposes the organization to multiple attacks.

To conclude, computing environments have become far more complex and dynamic than they used to be. For this reason, they are open to more sophisticated cyber-attacks, and the only way to evaluate an organization’s resiliency to these attacks is by performing ongoing penetration testing.

 

Cronus CyBot Product Suite

The CyBot product suite is a unique, patented predictive Attack Path Scenario (APS) software solution. Installed onsite, the CyBot product suite imitates human hacker operating practices and performs around-the-clock penetration testing on all IP-based components in an environment – including infrastructure, applications and databases – to find vulnerabilities and complex attack path scenarios in real time.

This is done using patented scanning technology that is both silent and 100 times faster than all other existing technologies, minimizing the disturbance caused to organizations and critical systems.

A proprietary Reasoning Engine (patent pending) uses the real-time information about identified vulnerabilities to predict multi-level, dynamic, and complex attack path scenarios.

With the CyBot product suite, IT managers, CIOs, CSOs, and CFOs can easily access the security business intelligence (BI) data and risk maps they need to mitigate future sophisticated cyber-attacks, and invest accurately and efficiently in the best cyber security strategy for their organization.

The CyBot product suite includes the CyBot Pro, which continuously scans all IP-based components in a single environment, and the CyBot Enterprise, which offers a global view of the entire environment aggregated from multiple CyBot Pro instances and add-on modules for specific environments or products such as VoIP or ERP.

Contact us at Shield today. We are the North American representatives for Cronus: rsimmons@shield4uc.com

 
