Stars-image

Blog

Welcome to Silent Sector's blog, news, and resource area.
0 Comments

Cheap Penetration Testing

Learn how Silent Sector transforms cyber risk into a revenue generating asset. Learn more...

Contact Silent Sector for an initial consultation.

 

TRANSCRIPT: 

Companies looking for penetration testing have a huge number of options. These days, unfortunately, the industry has become very commoditized. So there are a lot of automated services and solutions, different cheap penetration tests, you know, that are out there. A lot of times though, it's really doing a disservice to the organizations that really needs a true penetration test. So it's important to understand the difference, right? The problem is, in order to really understand the nature of risk within a technology environment doesn't matter if it's a, if it's a web application, or if it's your internal or external network environment, if it's wireless. Either way, whatever environment you're looking at, you really need to take a deep look at the vulnerabilities themselves, right. And automated tools and systems and canned approaches really can't do that, you really have to have an expert on the other side of those to do the manual exploit validation to really understand if a vulnerability is truly an attack surface for the organization. Just because a tool throws up a big red flag doesn't mean it's something that you need to jump on right away necessarily. And this is what catches a lot of companies off guard, when they go for some of these canned approaches. And some of the commoditize pentesting services that have hit the market. These days, what ends up happening is they get this huge list of vulnerabilities, many of which are actually not exploitable, based on the configuration of their environment. And what happens is they go and they start remediation on everything. So it costs them a tremendous amount of time and money and resources to do all this remediation when in fact, a lot of it isn't necessarily as critical as they thought it was. So keep that in mind. If you're just looking to check a block if you just need to get something done a pennant, a cheap penetration test can do the job. But keep in mind too, that your clients are getting more and more sophisticated. If you're in the b2b tech world, especially working with fortune 500, fortune 1000s, they're going to look at the penetration test, a letter of attestation or a high level overview of the results and ask a lot of questions, right. So you need to be prepared to answer those. So keep in mind who your buyer is their sophistication level, and make sure that your penetration testing is really accomplishing everything you need, not just checking the block, because in the long run, the commoditize pen test approach can actually end up costing you a lot more

About the Author

Written by Zach Fuller

Zach Fuller is an entrepreneur who has built businesses in multiple industries. He served as Green Beret in the U.S. Army, conducting highly sensitive combat operations in Afghanistan. Zach was awarded a Bronze Star Medal and other decorations for his actions overseas. He later built an investor relations team for a private equity company. Holding the role of Executive Vice President, he lead the team to raising well over $300,000,000 in private capital to acquire real estate assets and making it to the Inc. 500 list of Fastest Growing Private Companies. Zach is a Certified Ethical Hacker and founding partner of Silent Sector, where he is focused on mid-market and emerging companies which he considers to be the backbone of the American economy and our way of life.