In an effort to contain the CoronaVirus and stop its expansion, countries all over the world have closed their borders. Enterprises globally are fast to follow suit by halting employee travels and prohibiting external visitors from entering their offices. However, within these restrictions and with minimal physical contact, business must go on. Fortunately, some services, such as accounting, legal or even HR, can easily be rendered remotely. But when it comes to cybersecurity, that is not always the case.
Physical access to the local network is often required and is available only from within the organization’s premise. Such is penetration testing!
Can Pentesters Be ‘Contained’?
Senior pen-testers are among the cyber security professionals who travel the most. They are highly sought individuals with a large set of hacking tools and a great many years of practice. Experienced pen-testers are invited to organizations around the world for days or weeks at a time to try their best at cracking cyber defences and networks. Large corporations often prefer the same person to work across different territories in order to reach consistency in testing and reporting among the company’s affiliates.
Security Must Go On
Since the work of security validation can never stop, Coronavirus-days limitations are forcing security professionals to come up with remote alternatives for penetration testing. One that will eliminate the need to bring people into the office and share space and keyboards. Everything that can be done remotely must comply, if it comes with reduced costs and increased efficiencies, even better.
WANTED – Remote Pen-testing Software
In an ideal world a CISO would ask for software of this sort:
- Does exactly what a pen-tester does
- Doesn’t require any agents to be installed
- Works on-premise, but may be activated remotely
- Prioritizes remediation according to truly breachable vulnerabilities
- One that any IT person can operate
It just so happens that a technology invented in 2015, is in its prime in 2020. This algorithm-based technology mimics an ethical hacker with a large set of tools and techniques and can produce a full penetration test remotely, anywhere on earth.
Yes, but does it “walk the talk”?
This approach is, more often than not, faced with skepticism, which turns into wonder, then buy-in, excitement and eventually, evangelism. The reason for these transitions lies within one’s ability to watch the pentest at work as it occurs, as if it was a James Bond movie screening. Truth be told, when it comes to networks, automated testing wins over manual testing, similar to the way your phone will, most times, beat you at chess. The power of the machine in terms of searching for credential data, automating relay techniques and running 24 hour long tests without tiring, is inconceivable.
A single test run proof-of-value is free for this technology for enterprises. So a test-drive is the recommended thing to do.
WebLogic is a popular enterprise middleware tool that orchestrates the interaction between backend systems and frontend clients. This makes it a valuable tool for attackers, who can exploit it to access and influence a wide range of organizational applications. In this blog post, we explore how to install a persistent backdoor on WebLogic Server. We...
Today’s security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all companies have internal Red Teams or unlimited security resources to stay on top of the latest threats. On...
We all know the culprits. Cloud adoption, remote and hybrid work arrangements and a long list of must-have technologies have led to an ever-expanding attack surface, compelling organizations to become more agile and responsive in their cyber defense. Taming this unwieldy beast seems to be on everyone’s mind as global spending on security and risk...