Security specialist Intact Software Distribution is adding vulnerability and penetration testing to its range of services.
“All companies have cyber security tools and solutions in place, be it anti-malware, a firewall, encryption, data loss prevention, or a variety of intrusion detection and prevention tools. With attacks on businesses each day numbering in the thousands, businesses need to accept that it’s not a question of if an attack will occur, but when,” says Simon Campbell-Young, CEO of Intact, adding that it makes sense to uncover your weaknesses before your attackers do.
He says penetration testing and vulnerability assessments, while viewed as the same thing, are in fact quite different. A vulnerability scan, or vulnerability assessment, looks for known vulnerabilities in your systems and reports potential exposures. Penetration testing aims to actually exploit weaknesses in the architecture of a company’s systems.
“At Intact, we already offer the best and widest range of top security tools and solutions. We aim to provide a total security service to our customers, to give them the peace of mind that they are protected against the slew of threats that businesses face every day. Penetration testing is a natural and needed addition to our offerings.”
According to him, companies simply cannot ignore penetration testing, and it is a crucial link in the security chain. “No security tool is a silver bullet. While there are myriad security tools to help identify and prevent attacks, they simply cannot guarantee 100% that no attacker will get in. Breaches today make use of multiple attack vectors, and a penetration test will uncover complex vulnerabilities when, as is the case in the real world, a multi-vector attack is employed.”
In addition, he says penetration testing will tell the business instantly what the value of their security investment is. “Companies are investing millions in security, and these tests will highlight any area where additional resources are needed to strengthen the security posture.”
Penetration testing also helps to fine tune the company’s response to a security incident. “Procedures, roles and responsibilities, and protocols can all be fine-tuned during remediation to lower the organisation’s response time in the event of an attack. Should an incident take place, understanding who is responsible for what, and what needs to happen when, will significantly lessen exposure and risk,” Campbell-Young says.
Companies who think they are 100% secure any network or application are fooling themselves, he adds. “A company should aim to be as difficult and frustrating as possible so hackers move on to softer, more vulnerable targets. A penetration test will reveal if your company has a soft underbelly or a hide like a rhino. Cyber criminals go for the low-hanging fruit. Make sure this isn’t your business.”
With each day that goes by, hacking becomes a more automated process, enabling unskilled computer users to become successful and profitable cyber criminals. The effort involved in buying root-kits and other hacking software and getting it up and running is frighteningly small, Campbell-Young explains. “Penetration testing remains an effective form of defence against these attacks, as any business that conducts regular penetration tests stands a much greater chance of blocking cyber attacks. They will be aware of issues they didn’t know existed, and will be able to find their weak spots before their hackers do.”