
What is a Penetration Test and Why Do You Need One

Written by Jason Blalock | Aug 17, 2017 12:07:00 PM

So, you've spent plenty of money investing in security systems for your network and training for your employees.  Everything looks great on paper.  But can your security plans actually stand up to an attack?  

And are you willing to gamble on a real-world attack to discover the answer?

For businesses in this situation, there's a solution to the problem of discovering the true effectiveness of their security measures:  A penetration test.  When done properly, it's the best possible way to test your security system in real-world scenarios, without actual risk to your data and property.

Why More Businesses Are Choosing To Conduct A Pen Test

So what is a penetration test?  Simply put, it's a real-world "white hat" hacking and/or infiltration attempt made on your facilities, done by security experts trained in the same techniques used by actual cyber-criminals.  If you've ever seen the classic Robert Redford cyber-caper film Sneakers, that's basically what his crew did for a living.  

To be clear, your data is in no actual danger, and these security specialists know how to stop short of any exposure or harm. Plus, of course, they're under strict NDAs to never reveal any data they do manage to access.  However, they'll do anything else to probe your defenses, look for weak points, and then prepare a full report on how prepared, or not, your system is for a real-world "live fire" scenario.

Most pen tests are custom-designed around the client's existing security systems and the aspects they want to test.  However, a penetration test could typically include:

  • Automated attack types, such as DDoS attacks or password hacks, that try to get into your system.
  • Direct personal hacking, looking for flaws in your code, buffer overflow errors, poor sanitization of database entries, and similar common mistakes that create back doors.
  • Attempts to compromise equipment which can be overlooked in security deployments, such as PBX phone system units.
  • "Phishing" emails and similar attempts to trick your employees into giving up protected information.
  • More direct social engineering attempts to manipulate and exploit your workforce via phone or face-to-face interactions.  Remember, the human element is still the weakest link in any security system.
  • Potentially even in-person, in-office live attempts to bypass your physical security and gain direct access to assets.

Simply put, there is no more comprehensive way to put your security system to the test without actually being targeted for malicious attack.

The Benefits Of Having A Test

The key benefit here is that there are many attack types which automated defense-checking bots and systems simply cannot replicate.  If you've only tested your system against automated attack types, you've really only scratched the surface.  In some cases, you might even need a pen test to qualify for higher-level security certifications.  For example, PCI DSS credit card processing requires annual penetration testing.

It's also an excellent way to put your security team to the test.  Evaluating your own people's responses is usually a major part of a penetration test, alongside your mechanical security methods.

Finally, because these tests are being conducted by security experts, you'll get a complete report on how to make your systems better.  Any problem areas or vulnerabilities will come with full recommendations on plugging the holes, deploying better training, or whatever else is needed to shore up your defenses.  

Keep Yourself Safe With Hummingbird Network's Security Tests

Our security team can probe as many of your defenses as you want, and let you know how they perform against real-world attacks.  Click here to get started with truly locking down your network!