To Pentest, or Not

Is there any value in having an external organization run a penetration test against your network? Simply put, yes! This isn’t a service we provide at the Lloyd Research Institute, so this will be my unbiased perspective on how to prepare for a pentest and what you should look for in the team performing the test. First, don’t just go out and hire a team to perform a test without first working through a process of securing your systems. If you know your systems are insecure, there is no point in having a pentest conducted; you already know how that will turn out. Take the time to patch systems, lock down firewalls, train users, etc. Second, have one of your employees run an internal test to see if they find anything glaringly suspicious. This may not be the highest level of test you can provide (unless an employee is a certified pen tester), but it should take care of the low-hanging fruit. This will also help the outside team focus on important issues without being distracted by the more obvious concerns that seem to pop up all the time.

Now, for the team you bring in, you don’t need to go looking for world-famous companies or people to run this test. They are certainly very capable, but their price tag will be much higher simply because of their relative fame. There are plenty of small companies with certified teams who can do just as great a job as the big boys. The tools and techniques they use don’t really matter, as long as they are able to prove their credentials and to maintain complete confidentiality of anything they come across. OK, here’s one biased recommendation: look for a company owned by a veteran or that hires veterans; they deserve to be considered first. Bottom line, get someone to run a pentest on your network who knows nothing about your network ahead of time, because that’s how hackers do it.

