A penetration test is a dynamic test that actively attempts to penetrate a network by bypassing, and in some cases disabling, security controls (e.g. via malware) to simulate a real-life attack. This test differs from a vulnerability scan in that the latter is a passive test used to identify vulnerabilities and holes in a network, while a pen-test is an active test that capitalizes on those vulnerabilities by seeking to exploit them. While a vulnerability scan shows the potential for a cyber-attack to occur - and thus illustrates risks to your corporate network - a penetration test reveals the way an attack could actually occur (i.e. attack vectors) while revealing how security measures and controls deal with such attacks, and thus illustrates the different types of threats to your company infrastructure. Vulnerability scanning generally corresponds to the second step in the phases associated with network hacking, while penetration testing is the exploitation (and sometimes post-exploitation) stage: it goes beyond showing how your network could theoretically be breached through the vulnerabilities found, and illustrates how your network can practically and realistically be breached in real-world situations.
A penetration tester seeks to actively gain access to your network in the same way that a malicious hacker would. Cyber-security engineers thus simulate real-life attacks by using popular tools - whether open source or proprietary - along with powerful frameworks and operating systems, attack vectors, and methodologies to attack your systems, bypass security controls, and gain access to your systems, often by way of pivoting. Pivoting uses the fact that network systems are interconnected - even if indirectly - to allow a hacker to compromise many high-value systems by first breaching a reachable system through direct attack. After this initial compromise, the hacker then attacks and breaches other, connected systems.
A skilled hacker can continually utilize all phases of the hacker methodology - recon, port and vulnerability scanning, and exploitation/post-exploitation - over and over to breach more and more systems that are connected, and thus can ultimately gain access to systems that were initially unreachable.
Once vulnerabilities are identified, running known exploits - or using a zero-day exploit - against the security hole is usually sufficient to compromise the system. Using rootkits and malware (armored viruses, backdoors, polymorphic viruses, etc.) is also an option to aid in compromising a system, usually in the post-exploitation phase. Once a system is compromised, accounts can be breached, administrative access can be gained and sensitive data can be extracted, copied, modified, or even erased. These methodologies and attack vectors are very important for companies to actively use on business networks to go a step beyond vulnerability scanning in order to ensure that their networks can fully withstand even an advanced real-life cyber attack, which can only be confirmed when networks are actively tested and security controls are, as a result, properly hardened and configured.
A significant aspect of penetration tests is that they don't simply scan networks for security holes like vulnerability scanners do, but also determine the efficacy of security controls, and even determine - in the event that a data breach occurs - how well certain security systems react to aid in identifying the cyber-attack. Such security controls include monitoring systems such as Network/Host Intrusion Detection Systems (NIDSs/HIDSs) and Intrusion Detection and Prevention Systems (IDPSs), along with comprehensive log systems (access logs, system logs, traffic logs, etc.) that capture and analyze all network traffic for auditing, as well as defensive fronts such as a Unified Threat Management appliance or Next-Generation Firewall, a Web Application Firewall (WAF), network and host firewalls, etc. A pentest can also test the effectiveness of corporate encryption systems, and whether basic methods of hacking (e.g. banner grabbing, pinging servers) are viable attack methods, and thus whether certain systems need to be hardened.
In the event of a compromised administrative account, a correctly operating Intrusion Detection System (IDS) and monitoring system would identify a data breach, alert security admins, and would specifically pinpoint the occurrences of accounts being compromised and of data exfiltration. A penetration test helps to not only identify vulnerable systems, but also identifies weak systems that can be exploited on multiple fronts. Thus, a penetration test gives a very thorough and comprehensive overview of your company's network security posture.
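The detection behaviour described above - an IDS or monitoring system that pinpoints an account compromise and the data exfiltration that follows it - can be sketched as log correlation. The following is an added example written for this page, not code from the original text or from any vendor's product; the log format, field names, account list and thresholds are all assumptions made for the demo, and the log lines are constructed sample data.

```python
"""Toy detection logic: flag a brute-forced admin login and the large
outbound transfer that follows it, from a few constructed log lines.

Added example, not part of the original page. The "timestamp kind
key=value ..." log format, the thresholds and the admin account list
are assumptions chosen for this demo.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: authentication events and egress-proxy events.
SAMPLE_LOGS = """\
2024-03-01T02:10:01 auth user=admin src=203.0.113.7 result=fail
2024-03-01T02:10:04 auth user=admin src=203.0.113.7 result=fail
2024-03-01T02:10:08 auth user=admin src=203.0.113.7 result=fail
2024-03-01T02:10:12 auth user=admin src=203.0.113.7 result=fail
2024-03-01T02:10:15 auth user=admin src=203.0.113.7 result=fail
2024-03-01T02:10:19 auth user=admin src=203.0.113.7 result=success
2024-03-01T02:14:30 egress user=admin dst=198.51.100.9 bytes=734003200
2024-03-01T09:05:11 auth user=jdoe src=10.0.0.25 result=success
2024-03-01T09:30:00 egress user=jdoe dst=10.0.0.40 bytes=20480
"""

# Assumed tuning values; a real deployment would derive these from baselines.
FAIL_THRESHOLD = 5                      # failed logins before a success is suspicious
FAIL_WINDOW = timedelta(minutes=10)     # window in which those failures must occur
EXFIL_BYTES = 100 * 1024 * 1024         # outbound volume considered "large"
EXFIL_WINDOW = timedelta(minutes=30)    # how soon after compromise a transfer is correlated
ADMIN_ACCOUNTS = {"admin"}              # assumed list of privileged accounts


def parse_line(line):
    """Parse one 'timestamp kind k=v k=v ...' line into a dict."""
    ts, kind, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts), "kind": kind}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = value
    return rec


def detect(log_text):
    """Return a list of (rule, user, peer, timestamp) alerts, in log order."""
    alerts = []
    fails = defaultdict(list)   # (user, src) -> timestamps of recent failures
    compromised_at = {}         # privileged user -> time of the suspicious success

    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)

        if rec["kind"] == "auth":
            key = (rec["user"], rec["src"])
            if rec["result"] == "fail":
                fails[key].append(rec["ts"])
            elif rec["result"] == "success":
                recent = [t for t in fails[key] if rec["ts"] - t <= FAIL_WINDOW]
                if len(recent) >= FAIL_THRESHOLD:
                    # Many failures then a success from the same source: likely guessed.
                    alerts.append(("brute_force_success", rec["user"], rec["src"], rec["ts"]))
                    if rec["user"] in ADMIN_ACCOUNTS:
                        compromised_at[rec["user"]] = rec["ts"]
                fails[key].clear()

        elif rec["kind"] == "egress":
            nbytes = int(rec["bytes"])
            if nbytes < EXFIL_BYTES:
                continue
            when = compromised_at.get(rec["user"])
            if when is not None and rec["ts"] - when <= EXFIL_WINDOW:
                # Large transfer shortly after a suspicious privileged login.
                alerts.append(("exfiltration_after_compromise", rec["user"], rec["dst"], rec["ts"]))
            else:
                alerts.append(("large_outbound_transfer", rec["user"], rec["dst"], rec["ts"]))

    return alerts


if __name__ == "__main__":
    for rule, user, peer, ts in detect(SAMPLE_LOGS):
        print(f"{ts.isoformat()} {rule}: user={user} peer={peer}")
```

The two rules are deliberately correlated rather than independent: a large transfer by a privileged account is noteworthy on its own, but the same transfer minutes after a login preceded by a burst of failures is what lets an analyst pinpoint both the account compromise and the exfiltration, which is exactly what a pentest of the monitoring stack should confirm.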
Penetration tests can be carried out using a variety of automated tools and manual methods; the former can include many different platforms, proprietary and open-source tools, and frameworks. Manual methods include code injection, shell-scripted network commands run against a server, malware usage, and other advanced techniques. Combining all of the aforementioned mechanisms offers a powerful and comprehensive test that can cover all attack surfaces to give a complete overview of your security posture. That said, it is important to note some differences between automated tools and manual penetration techniques:
Automated tools: Such tools are used to identify system vulnerabilities and to automatically apply exploits and drop payloads based on certain known system weaknesses. This offers a quick and easy way to test a system, but is not very effective against unknown system vulnerabilities.
Manual techniques: These offer a more in-depth pen-test that can result in the use of uncommon attack vectors, giving your company a better, more realistic view of a real-life attack. This test uses proprietary methodologies, custom exploits/payloads and scripts to compromise systems, account passwords, sensitive data, etc. Manual testing also allows security engineers to verify the findings of automated scanning tools in order to eliminate false positives.
In 2014, the Cyberthreat Defense Report reported that 71 percent of organizations were affected by cyber-attacks. We work hard to ensure that your company does not fall victim to cyber-threats. In addition to offering a thorough penetration test, we provide a post-test report on all discovered vulnerabilities, access points, and attack vectors that an attacker could use to exploit your networks. To ensure an organized risk management system to mitigate future threats, our security personnel use their years of risk management experience, in conjunction with the OWASP Risk Rating Methodology, to create a customized risk assessment system that highlights imminent high-level threats, low-risk issues, and everything in between.
Lastly, our security team provides your network engineers with a detailed explanation of each vulnerability found via our tests, along with steps to remediate the identified security flaws and specific steps on how to reproduce the successful attacks on the network for future analysis. Our security audits not only help with the continuity of your business, but also satisfy the multiple legal requirements stipulating that businesses must have assessments completed by a third party.