Detect & Respond

No organization is fully secure from all attackers.

Unfortunately, a persistent and/or advanced attacker WILL breach your systems if they decide to target you. It is impractical to fully defend against all attacks. In fact, even “unplugging the computer” will not stop all attacks. As a result, the ability to detect, respond to, and investigate unauthorized access is as critical a goal as having secure configurations.

That is one of the benefits of regular penetration testing. Testing doesn’t just find vulnerabilities – it also tests some of your monitoring and alerting.

Penetration testing (as opposed to Red teaming) is not designed to be stealthy. From port scans, DNS enumeration, vulnerability scans, exploitation tools, web application scanning, etc., the majority of penetration testing activity should “light up” a properly configured firewall, endpoint security solution, or WAF.

So, while resolving the issues identified in a penetration test report is critical, it is also important to analyze the testing activity against the alerts you did (or didn’t) see from your monitoring tools.

That way, you are getting the full value from your penetration tests and staying a step ahead of attackers, instead of the other way around.