If you had asked me 8 years ago if you could automate a network penetration test, I would have thought you were crazy to even try, particularly because there are a lot of moving parts during a penetration test. However, over the last few years, my opinion on this has drastically changed, especially seeing how other industries have moved forward with automation and becoming more efficient at operating.
It is absolutely mind-blowing at how some of these other industries have been able to implement new technology and provide the same amount of value/services in a faster, more efficient, and sometimes more cost-effective way. As it relates to solving some of the challenges of data breaches, the biggest thing we've seen is a flood of new products and more consulting firms pop up left and right. However, many consulting firms still struggle to find great talent to serve the customers that need these assistance like yesterday.
One thing that we all know for sure about penetration testing is that the services have not really evolved in a way that can scale quick enough based on the demand. The number of data breaches occurring on a daily basis is just skyrocketing, leaving many organizations in hopes that they just simply won't ever become a target.
As the needs for strengthening organizations' security posture increase, there are several growing challenges that organizations are still faced with, including some of the following:
- Risk Awareness - Organizations are used to performing a point-in-time risk assessment that identifies what their risk is today. However, new cyber threats are published on a daily basis, so their exposure to attacks can change in an instant without their knowledge.
- Detection & Response Times - Although many organizations perform routine penetration test engagements, many organizations still don't have the necessary information from the penetration test to improve their security tools, such as to detect what happened at what time and for how long.
- Budget - Having a limited budget may require you to reduce scopes and even avoid having some assessments performed, which could help but still expose many organizations to significant threats.
Those that know me really well know one thing is for sure: efficiency is top priority.
Over the last few years, several consultants and I have collaborated on ways to make executing network penetration tests much more efficient by implementing our methodology into a framework that can consistently run and grow over time, providing a ton more value than what we're used to. Many consultants in the InfoSec community develop their own tools to automate some processes, including OSINT, host discovery, etc. Over the last year, we've been able to prove the value of a smaller version of this framework by testing it over and over on a number of engagements. This has allowed us to maximize our time on engagements, resulting in more value provided to the customer. Customers have also acknowledged this.
vPenTest aims to help organizations simplify the process of identifying new threats within their environment on an on-going basis without the traditional challenges and concerns. Your organization would be able to use vPenTest to perform a network penetration test at any time, any frequency, receiving real-time reports, preliminary findings, notifications, and more.
Here are some of the comparisons:
Download the vPenTest White Paper
Check out our white paper for a detailed evaluation of how vPenTest compares to traditional penetration testing and how it helps solve today's growing pains. Learn how vPenTest can help network administrators to evaluate their risks to cyber attacks in nearly real time.
For any questions, feel free to reach out to us on Twitter at @vonahisec.
About Vonahi Security
Vonahi Security is a cybersecurity consulting firm that offers modern consulting services to help organizations achieve both compliance and security best practices. With over 30 years of combined industry experience in both offensive and defensive security operations, our team of certified consultants have experience working with a significant number of organizations, industries, networks, and technologies. Our service expertise includes Managed Security, Adversary Simulations, Strategy & Review, and User Education & Awareness. Vonahi Security is headquartered in Atlanta, GA. To learn more, visit www.vonahi.io.