Trends

Pentesting and the False Sense of Security

Penetration testing started as a concept in 1960 as early computer industry pioneers knew there would be inherent risks to controlling access. In 1984, the US Navy commenced the idea of ethical hacking to demonstrate just how easy an attacker could breach a naval base. Both penetration testing and ethical hacking remain omnipresent today and are heavily relied upon to limit vulnerabilities.

The initial idea of penetration testing is fascinating because you place yourself in the shoes of the attacker to proactively uncover vulnerabilities. While certainly a useful exercise for security teams, there are important limitations.

First and foremost, pentesting is typically conducted once every three months. That’s it. If the pentester detects something, you work on a remediation plan until you are “secure.” Attackers take advantage of this time cycle to intrude networks.

Attackers take advantage of the pentest time cycle to intrude networks.

— Lumu Technologies

Another drawback is you assume penetration testing details everything there is to know about your exposure. If pentesting goes well, it only denotes the person who performed the test can’t breach your network. It does not signify that an attacker with higher skills cannot gain access. That is a major distinction.

Also consider that money is a powerful incentive. The person conducting the pentesting wants to quickly perform the analysis, write a report and move on to the next client or task. An attacker is highly motivated and persistent as breaching the targeted network means a big reward. So, do these shortcomings mean that pentesting is irrelevant? Absolutely not. Similar to other security tools in the shed, pentesting is necessary and in some cases even required due to regulations. At the end of the day, however, your job as a security professional is not compliance but to avoid a breach that adversely impacts the company.

What can be done? The first step is to assume that you are compromised. This is a simple statement, but it totally changes your mindset and allows you to work inside-out. With this approach, it doesn’t matter how an attacker breaches your network. What matters is your ability to identify and act upon a compromise at speed.

With this mentality, you don’t focus on vulnerabilities and try to breach your system. When all is said and done and the dust clears, breaching the system will always be as simple as clicking a link. You can have the more “secure” network, but endpoints and employees will always be exposed. So why not assume you are compromised and prove otherwise?

When you come to terms with this realization, you can think in a totally more proactive way. At LUMU we call this concept continuous assessment which means that you are constantly working to identifying IOCs (indicators of compromise) to avoid a breach before it happens. You don’t need to wait until your next scheduled pentesting or rely on the ability of the pentester. You can take action today.

Some advantages of continuous assessment

  • Assumes you are compromised and proves otherwise
  • Proactive approach to detect IOCs
  • Monitors your traffic 24/7
  • Only spotlights critical events you need to check
  • Incorporates up-to-date threat intelligence
  • Helps to avoid alert fatigue

Remember that hacking your system is only the first step. The attacker then needs to escalate privileges, locate the desirable data and ultimately exfiltrate. You are well on your way if you can inhibit this cycle by proactively detecting anomalous behavior.

Visit us at www.lumu.io or contact us at info@lumu.io if you would like to learn more how LUMU can help you on your path to cyber-resilience.

Recent Posts

  • Blog

Lumu & the MSP Community: 2024 in Review

Reading Time: 4 minsLumu has worked hand-in-hand with MSPs throughout a year that consolidated the…

4 days ago
  • Blog

Reflecting on 2024: Lumu’s Innovations in SecOps

Reading Time: 5 minsLumu’s 2024 SecOps advancements focus on automation and smarter threat detection, with…

6 days ago
  • Attacks

Lumu’s Detection & Response to a Real-World DNS Tunneling Attack

Reading Time: 7 minsThis is the story of a serious DNS tunneling attack on a…

1 week ago
  • Events

Cybersecurity Insights for MSPs: Lessons from IT Nation Connect 2024

Reading Time: 4 minsDiscover the top insights from Lumu’s pre-conference workshop at IT Nation Connect,…

4 weeks ago
  • Stories

Cybersecurity Trends 2025 and Beyond: Navigating AI-Driven Evasion Techniques and Autonomous Threats for Resilient Defense

Reading Time: 2 minsAs we move into 2025, AI-driven evasion and autonomous threats will redefine…

1 month ago
  • Trends

CISA Reveals How 12 Ransomware Gangs are Bypassing EDRs

Reading Time: 7 minsEndpoint Detection and Response (EDR) has a critical role in most companies’…

2 months ago