Penetration Testing: A Managed Service Or Only Once Per Year?
In this episode Stanley Li and Sean Mahoney from Netswitch are joined by James Watson to discuss exactly what is Penetration Testing as a Service (PTaaS) and the increasing trend for businesses to move away from once-a-year pen tests to more regular, monthly ones instead.
- 15 years ago, when manual vulnerability scanning and assessments were the only options.
- Why manual plus automated testing combined is essential to get the highest quality results from pen tests.
- The new CVE 2020 1472 vulnerability Microsoft recently announced that won't be patched until 2021, and what this means for your testing schedule.
- Why insecure configurations created by your IT admins could be increasing your risk more than you realise.
- How the increasing number of regulatory and certification requirements have changed the testing landscape.
- Why companies now have to demonstrate they're consistently pro-active in testing their networks.
- Why the increase in remote working has only amplified these issues.
- Why penetration testing as a service is much more affordable than annual tests of years gone by.
- Which types of companies are particularly increasing their testing frequency.
- Why vulnerability assessments alone will not protect you from Ransomware attacks.
- What data penetration tests can identify that vulnerability assessments are unable to.
- How to effectively manage security risk if you're a small business with a limited budget.
- How an international hotel group client has increased their vulnerability assessment frequency from annually to monthly.
- Why they jumped at the chance to deploy Penetration Testing as a Service.
- How the old way of manual penetration testing could take over a month.
- Why the new combination of automation and manual effort can now perform the testing and deliver a report with remediation in just one business week.
- Why this means more time can be spent on remediation efforts and less on the testing itself.
- Why consistency is the key to effectively managing your cyber risk in an increasingly insecure world.