SANS Analyst Report | Why the Pen Test Needs an Update
Most mature security organizations perform some regular penetration testing by internal teams, consulting, or both. However, in today’s realm of fast-moving technology changes and complex on-premises and cloud infrastructure, performing regular pen tests can be challenging for a variety of reasons.
First, most teams rely on vulnerability scanning to locate assets and potential avenues of exploitation during pen tests—these can be disruptive and produce a lot of false positives. Vulnerability scanners are certainly important, but their usefulness in comprehensive pen testing can be somewhat limited. Secondly, manual pen tests are always somewhat of a “point in time” endeavor and may have limited value over a longer period of time. Fortunately, new technologies are emerging to help provide automated attack modeling and more consistent, repeatable pen tests that mimic real-world attack techniques.
Download this analyst report for more on what attributes pen tests need to keep up with the current digital landscape.