Information systems are constantly under attack by external malicious actors and possibly by trusted users situated on the organisation’s network. Although systems may be protected against such attacks by security technologies, attackers may still find their way around them using advanced bypass methods or by exploiting a security oversight. The only way to know for certain how effective the network’s security defences are against a dedicated attacker is to actually subject the network to a sophisticated attack.
A penetration test subjects the network and all connected systems to the same attack techniques that a malicious hacker would attempt with the express intent of leveraging security weaknesses and bypassing the security products protecting the systems. Like a malicious hacker, a penetration tester will attempt to discover information about the target network with the intention of finding previously unknown security weaknesses that can lead to compromising devices and servers to get to sensitive data. For companies with a mature security program, a penetration test is also a realistic method of assessing the organisation’s detection and reaction capabilities when faced with an actual hacking attempt. For this reason a penetration test is considered the ultimate test of the network’s defenses and relies heavily on the penetration tester’s technical abilities and knowledge of the business-domain.
Senseon offers a highly specialised service, tailor-made for each client to discover and remediate unknown security weaknesses present on the network before a malicious hacker has the opportunity to exploit them. The security weaknesses detected during a penetration test cannot be discovered using automated means. This fact is the reason why a yearly penetration testing exercise is recommended or mandated by a number of information security standard certifications such as PCI-DSS and HIPAA, making this service a must have for organisations that are serious about their information security.
- Subjects the network to advanced hacking techniques
- Realistically tests the implemented security technologies
- Highly effective at detecting unknown security weaknesses
- Tests an organisation’s reaction time to hacking attempts
- Mandated by security standards