M.A. Polce Consulting

Author: Bea Ewing
Date: November 10, 2021
Don’t Start With a Penetration Test

As a provider of cybersecurity services, we are often asked by organizations to conduct network penetration tests (Pen Tests for short). While the requests are well-intended, there are specific reasons why doing a Pen Test before other security measures is not advised. This is especially true in organizations that are just starting to build a more comprehensive cybersecurity strategy.

In simple terms, a penetration test is where an experienced security professional attempts to gain access to secure areas of an organization’s network. This is done by using both automated tools and manual exploitation. There are many factors that determine how the test is performed, what it uncovers, and how much it will cost. These include the amount of time you’d like the tester to spend trying to break in, how much information you are willing to share with the tester in advance, and how many different systems you’d like the tester to attack.

The penetration test is an essential part of an organization’s security strategy, but most security professionals agree that it should only be performed after a thorough security assessment of the network infrastructure is completed.  A well-executed security assessment that includes vulnerability scanning will identify the vulnerabilities that could allow a cyber-criminal to gain access to sensitive data in the first place.  It finds outdated operating systems, unpatched network equipment, active accounts that haven’t been used, improperly configured network settings, and much more.  Ideally, vulnerability scans should be done at regular intervals (i.e. monthly or quarterly).

Once a security assessment is complete and all vulnerabilities have been remediated, the Pen Test is performed to provide further evidence that the network is secure.  Doing things in this order ensures that organizations are being tested against their strongest security posture, not their weakest.

For more information about any of our cybersecurity or consulting services, please feel free to contact us any time. 
