Remotely we stand

In an effort to contain the CoronaVirus and stop its expansion, countries all over the world have closed their borders. Enterprises globally are fast to follow suit by halting employee travels and prohibiting external visitors from entering their offices. However, within these restrictions and with minimal physical contact, business must go on. Fortunately, some services, such as accounting, legal or even HR, can easily be rendered remotely. But when it comes to cybersecurity, that is not always the case. 

Physical access to the local network is often required and is available only from within the organization’s premise. Such is penetration testing!

Can Pentesters Be ‘Contained’?

Senior pen-testers are among the cyber security professionals who travel the most. They are highly sought individuals with a large set of hacking tools and a great many years of practice. Experienced pen-testers are invited to organizations around the world for days or weeks at a time to try their best at cracking cyber defences and networks. Large corporations often prefer the same person to work across different territories in order to reach consistency in testing and reporting among the company’s affiliates.

Security Must Go On

Since the work of security validation can never stop, Coronavirus-days limitations are forcing security professionals to come up with remote alternatives for penetration testing. One that will eliminate the need to bring people into the office and share space and keyboards. Everything that can be done remotely must comply, if it comes with reduced costs and increased efficiencies, even better.

WANTED – Remote Pen-testing Software

In an ideal world a CISO would ask for software of this sort:

  • Does exactly what a pen-tester does
  • Doesn’t require any agents to be installed
  • Works on-premise, but may be activated remotely
  • Prioritizes remediation according to truly breachable vulnerabilities 
  • One that any IT person can operate

It just so happens that a technology invented in 2015, is in its prime in 2020. This algorithm-based technology mimics an ethical hacker with a large set of tools and techniques and can produce a full penetration test remotely, anywhere on earth. 

Yes, but does it “walk the talk”?

This approach is, more often than not, faced with skepticism, which turns into wonder, then buy-in, excitement and eventually, evangelism. The reason for these transitions lies within one’s ability to watch the pentest at work as it occurs, as if it was a James Bond movie screening. Truth be told, when it comes to networks, automated testing wins over manual testing, similar to the way your phone will, most times, beat you at chess. The power of the machine in terms of searching for credential data, automating relay techniques and running 24 hour long tests without tiring, is inconceivable.

A single test run proof-of-value is free for this technology for enterprises. So a test-drive is the recommended thing to do.

Written by: Aviv Cohen
Show all articles by Aviv Cohen
Learn more about automated security validation
Resource center
Get blog updates via email
Trending
The Fundamentals of Cloud Security Stress Testing
The Fundamentals of Cloud Security Stress Testing

“Defenders think in lists, attackers think in graphs” said John Lambert from Microsoft, distilling the fundamental difference in mindset between those who defend IT systems and those who try to compromise them. The traditional approach for defenders is to list security gaps directly related to their assets in the network and eliminate as many as […]

Pentera’s 2024 report reveals hundreds of security events per week, highlighting the criticality of continuous validation
Pentera’s 2024 report reveals hundreds of security events per week, highlighting the criticality of continuous validation

Over the past two years, a shocking 51% of organizations surveyed in a leading industry report have been compromised by a cyberattack. Yes, over half.  And this, in a world where enterprises deploy an average of 53 different security solutions to safeguard their digital domain.  Alarming? Absolutely. A recent survey of CISOs and CIOs, commissioned […]

Four steps the financial industry can take to cope with their growing attack surface
Four steps the financial industry can take to cope with their growing attack surface

The financial services industry has always been at the forefront of technology adoption, but the 2020 pandemic accelerated the widespread use of mobile banking apps, chat-based customer service, and other digital tools. Adobe’s 2022 FIS Trends Report, for instance, found that more than half of financial services and insurance firms surveyed experienced a notable increase […]

Learn more about our platform
Platform