Penetration Efforts Improve Network Security

December 01, 2016//Ellen Neveux

Last Updated: June 29, 2018

When a hacker is on your side, you can discover system vulnerabilities before your network is compromised.

We talked earlier about the increased risk to companies from third-party data breaches. Hacking a partner ecosystem makes good criminal sense. Hackers have a shot at breaching even a seemingly secure system when they gain entry into the network via a lightly protected partner.

Increasingly, companies and agencies are turning to sponsored hacking. Skilled hackers are in demand by corporations throughout the industry. Facebook and other companies pay bounties to hackers who identify zero-day and other exploits that could damage their product and brand.

By engaging security companies, hackers, or even the federal government, business owners can learn about and resolve network flaws before an attack occurs.

Network and system penetration testing
Penetration testing, or pen-testing, involves engaging security experts to test network strength through a variety of means. The sometimes high cost of pen-testing delivers a substantial ROI when vulnerabilities are discovered and corrected prior to actual compromise.
Pen-testing involves more than identifying system weaknesses. Pursuant to a service contract, a pen-test exploits vulnerabilities and invades networks and devices to determine the depth of system defects.

Because such defects are common, software publishers like Microsoft routinely publish fixes through their Security Bulletin on the second Tuesday of each month. Too often, however, needed patches are not downloaded and a company—and its partners—can be compromised.

NCATS — federal pen-testing for financial and infrastructure enterprise
As discussed in Krebs on Security, the Department of Homeland Security (DHS) runs the National Cybersecurity Assessment and Technical Services (NCATS) program. Two primary services offered through NCATS include:

  • Risk and vulnerability assessments (RVA): Under a service agreement, the RVA uses manual and automated tools to scan network systems and devices for vulnerabilities. Weaknesses are exploited to test system defenses. The RVA also uses social engineering techniques to test the awareness and readiness of end-users when exposed to phishing and other fraudulent messaging.
  • Cyber hygiene program (CH): The CH program scans for web and network vulnerabilities for a variety of agencies.

According to the September NCATS service update, the program serves federal, state, tribal, private sector, and other clients. While most of the entities served by NCATS are governmental, 32 private sector companies took advantage of the free testing this year.

Whether offered by the government, individuals, or security companies, pen-testing means you proactively learn about dangerous flaws in your network—before a criminal finds them for you.

Use the data — strengthen your network
Pen-tests offer you time to architect against system weaknesses and protect your assets, clients, and reputation. Pen-testing is most effective when incorporated into routine cyber hygiene practices. For example, when a significant policy, hardware, software, or logistics update occurs, a pen-test can establish the security of the reconfiguration.

For companies with third-party vendors, a pen-test is critical to evaluate and understand the security of your vendor platform.

About SecureLink

Our sole focus is secure third-party remote access. For highly regulated enterprise organizations, SecureLink Enterprise has pioneered a secure remote access platform. SecureLink for enterprise allows an organization to identify, control, and audit third-party vendors. For vendors, SecureLink is the gold standard remote access support platform because it is easy and efficient, ensures compliance, and reduces liability when supporting customers.
