Are We Secure?

Updated: July 02, 2010

If we are stuck in the position of only having been told that we are secure, without really knowing, how do we move to the point of knowing? This is where testing comes into play. OK, but what kind of testing? There are several types of testing, such as security audits and vulnerability scans, but the real action happens with penetration testing. This is when someone, under controlled circumstances, actually tries to defeat your defenses. With penetration testing, you move from someone telling you that you are secure to knowing you are secure, because someone has tried to hack your systems just like the bad guys would. Using the same tools, techniques, and methods as malicious attackers, they evaluate your systems and tell you the avenues of attack. With permission, they escalate and attempt to breach your protections and take control of your systems and your data. Afterwards, they prepare a report that tells you how they got in (or, if they didn't, how they tried), how they did what they did, and how to remediate the problems so that it doesn't happen again.

With penetration testing, you not only learn whether someone could get in, but also how they would do it and whether your supporting infrastructure and teams could detect and handle it. Is your monitoring sufficient? Would it let you know something was going on? Would your team know what to do? Could they remediate it properly and recover the systems involved in a timely manner? All these sorts of questions and more can be addressed during a penetration test.
