Barron Rosborough, 8/17/18 12:57 PM

beSECURE: Alternative to Pen Testing

Our definition of penetration testing

Pen testing (penetration testing) is the discovery of vulnerable network equipment or applications by evaluating their response (behavior) to specially designed requests. In some cases a payload (message, marker or flag) is delivered to prove beyond a doubt that the vulnerability can be exploited. Pen testing is usually a manual and expensive undertaking that is done infrequently and on selected, high value or highly exposed portions of a network.

Pen testing's value is that, once a payload has been delivered, there is no arguing that the vulnerability exists and that it is serious enough to allow unauthorized access. Pen testing's weaknesses are variable results that depend on the skill of the technician, infrequency, high expense and limited scope of testing.

Pen testing and Vulnerability Assessment

Pen testing and Vulnerability Assessment and Management (VAM) have not crossed paths until recently because in all cases but one, commercial VAM solutions primarily check the 'banner' to collect the software version number. This is sometimes called inference-based scanning. Typical VAM vulnerability tests assume that if an old version is discovered, then certain vulnerabilities can be assumed or that if a current version number is reported, then there are no vulnerabilities. There are many reasons that version does not equal vulnerability, thus the low reputation for VAM report accuracy. Only one VAM solution tests behavior and can prove the existence of vulnerabilities, like pen testing.

beSECURE is unique in the VAM field. It was designed from scratch to test the behavior of network equipment and applications rather than just look at a banner and assume at face value that vulnerabilities may exist. beSECURE sends specially designed requests to each host to determine, by response and positive ID, that vulnerabilities exist. Behavior-based testing aligns beSECURE with pen testing and produces four important benefits: high accuracy, frequency of testing and currency of results, low cost, and complete coverage of everything that 'speaks IP'.
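The gap between banner inference and observed behavior can be measured when both results are available for the same hosts. The sketch below is an added example, not beSECURE code and not a description of how beSECURE works: the product name `exampled`, the fixed-in version, the host addresses and the behavior-test outcomes are all constructed for illustration.

```python
import re

# Constructed advisory: hypothetical service "exampled", flaw fixed upstream in 2.4.10.
FIXED_IN = (2, 4, 10)

# Constructed scan records (documentation address range). "behaviour_vulnerable"
# stands for the outcome of a behavior test already run against the host.
HOSTS = [
    {"host": "192.0.2.11", "banner": "exampled/2.4.6", "behaviour_vulnerable": True},
    # Old version string, but the vendor backported the fix.
    {"host": "192.0.2.12", "banner": "exampled/2.4.6", "behaviour_vulnerable": False},
    {"host": "192.0.2.13", "banner": "exampled/2.4.12", "behaviour_vulnerable": False},
    # Current version string, yet the host still responds like a vulnerable build.
    {"host": "192.0.2.14", "banner": "exampled/2.4.12", "behaviour_vulnerable": True},
    # Version removed from the banner by the administrator.
    {"host": "192.0.2.15", "banner": "exampled", "behaviour_vulnerable": True},
]

VERSION_RE = re.compile(r"exampled/(\d+(?:\.\d+)*)")

def parse_version(banner):
    """Return the version as a tuple of ints, or None if the banner hides it."""
    m = VERSION_RE.search(banner)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def infer_from_banner(banner):
    """Inference-based verdict: older than the fix means vulnerable, else clean."""
    version = parse_version(banner)
    if version is None:
        return None  # nothing to infer from
    # Tuple comparison, because as strings "2.4.6" sorts after "2.4.10".
    return version < FIXED_IN

def classify(record):
    """Compare the banner inference with the observed behavior for one host."""
    inferred = infer_from_banner(record["banner"])
    observed = record["behaviour_vulnerable"]
    if inferred is None:
        return "no inference"
    if inferred == observed:
        return "agree"
    return "false positive" if inferred else "false negative"

def report(hosts):
    return {r["host"]: classify(r) for r in hosts}

if __name__ == "__main__":
    for host, verdict in report(HOSTS).items():
        print(f"{host:12} {verdict}")
```

Only two of the five constructed hosts get the same verdict from the banner as from the behavior test; the other three are a false positive, a false negative and a host the banner check cannot assess at all.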

Why automate pen testing

Although manual pen testing can identify how a combination of medium risk vulnerabilities can result in a high risk situation, it has the following issues:

  • Frequency: Within days of any pen test, any additions or changes to hosts and the network will create new security situations. Additionally, new vulnerabilities are announced weekly and may exist on the network.
  • Accuracy: No two pen test professionals may go about testing the same way, have the same experience or use the same tools. Even if the same pen tester is brought back monthly, new and previously overlooked vulnerabilities may be discovered.
  • Cost: Pen testing is expensive. It takes highly skilled professionals many hours to do more than just scratch the surface.
  • Scope: Due to the above factors pen testing is usually done on a limited set of targets. Pen testing almost never involves testing every server, firewall, router, workstation, printer, IP phone, wireless access point, etc.

Solving the problems of annual pen testing

beSECURE accomplishes the primary activity of pen testing, the identification of weaknesses in production hosts by testing behavior. It solves the four critical failures of manual pen testing:

  • VAM with beSECURE can be done monthly, weekly or even daily on frequently changing services like web servers and web applications. New hosts are immediately detected and tested, changes made to hosts that create weaknesses are promptly discovered and newly announced vulnerabilities are added to the test library daily.
  • beSECURE is designed to be run by any competent network admin. It is highly automated and its ease of use, accuracy of tests and short, to-the-point reports encourage compliance.
  • A typical beSECURE installation can be purchased outright for the cost of one comprehensive penetration test. In future years, this yields great savings.
  • beSECURE is designed to scan entire networks quickly and its licensing model encourages broad use.

Behavior-based testing of network hosts (and in particular web applications) is unique to beSECURE. Its library of unique and proprietary tests has taken many years to compile and has been honed by constant use on thousands of networks. Accuracy was the goal of this mammoth project, and thanks to tens of thousands of hours of development work followed by feedback from thousands of customers, beSECURE delivers the highest level of accuracy available in VAM. The result: most beSECURE customers never experience a single reporting error.

Manual pen testing is sometimes required by internal policy or for compliance with some external standards. In these cases, beSECURE is the perfect partner. Regular beSECURE scanning and the elimination of all medium and high risk vulnerabilities it discovers will dramatically reduce the time needed to do manual penetration testing and so reduce its cost.

For more information about how beSECURE can help you meet pen testing requirements, contact your local representative, [email protected] or a Beyond Security partner.

For additional information on beSECURE behavior-based testing see: Vulnerability Assessment Accuracy.
