IT Security | System Administration

Test-drive your IT cybersecurity with penetration testing

28. January 2021, Avatar of Felix ZechFelix Zech

Safety features in modern cars like blind spot detection, lane departure warnings and adaptive cruise control have made driving safer than ever. They’re great to have, but the technology alone isn’t what reduces the risk of a crash. We have to learn how to use and respond to those systems in day-to-day real-world conditions and maintain them regularly to keep them in good working order.

Regular testing

A pentest must be carried out at regular intervals because the data obtained is outdated as fast as the technology and the range of threats advances (i.e. pretty quickly). It’s a challenge due to the nature of IT and business computing -- new products are constantly being added, configurations change, new users and devices are added, etc. Every change can introduce new gaps and vulnerabilities. 

IT admins also have to maintain a balance between the sometimes competing priorities of keeping users productive and keeping systems secure. That’s what makes regular and frequent pentesting both from inside and outside the network so important.
 

Take it out for a spin regularly

The scope and urgency of recommended remediations and countermeasures will vary based on the results of each pentest. These should be implemented as well as documented. The next test should also check whether the recommended actions have been completed successfully. It is only through continuous testing and improvement that IT security can be established and reliably maintained.

So, take your security tools and procedures out for spin regularly. You’ll appreciate being in the cybersecurity driver’s seat.
 

Handlungsempfehlungen aus dem Pen-Test

Je nach Resultat ergibt sich aus einem Pen-Test Handlungsempfehlungen unterschiedlicher Dringlichkeit. Diese sollten nicht nur umgesetzt, sondern auch dokumentiert werden. Beim nächsten Test sollte dann auch überprüft werden, ob diese erfolgreich umgesetzt wurden. Nur durch kontinuierliches Testen und Verbessern kann so etwas wie IT-Sicherheit im Unternehmen etabliert werden. Penetrationstests müssen deshalb als dauerhaftes Instrument der IT-Security akzeptiert werden.

Read more