Column Control DTX

Penetration Testing: Money Spent, Still Vulnerable

Technical Overviews

WHY PENETRATION TESTS ARE INADEQUATE

 

To protect valuable computer systems, we build layers of security around them. The layers comprising your security perimeter need to be tested to make sure they can really protect against the relevant threats.

 

Penetration testing is focused test with an objective to expose one or two possible ways of reaching the protected system. Uncovering even a single hole in the perimeter is considered a successful penetration test.

 

While penetration tests are valuable for organizations and security teams, they overlook two major factors:

 

• The network infrastructure

• Networking blind spots

 

In addition, penetration tests are valid only for a limited period of time, and the result does not remain true after making changes to the network configuration or policies. It is a time-bound snapshot of an organization’s security posture, which constantly evolves.

 

A MORE HOLISTIC APPROACH

 

Ixia offers a holistic approach for security testing, which concentrates on exposing the chinks in your perimeter armor, and can expose many more security holes throughout the network. The tests are repeatable, and can easily be turned into a continuous, ongoing process. Every time the network changes, after any network or policy changes, the tests may re-run automatically to see if the network is still secure. Think of it as numerous, micro–penetration tests carried out automatically every day.

 

A solution like BreakingPoint makes it possible to implement a holistic, continuous testing process, such as:

 

• Testing a full suite of attack vectors, instead of just a few selected attacks in a regular penetration test.

 

• Adding numerous evasion techniques used by hackers, to ensure you are protected no matter how hostile agents modify or obfuscate their attack.

 

• Testing “good” traffic from real-world applications, at realistic enterprise scale. This means your tests are realistic and enables you to gauge the impact an attack would have on real users.

 

• Testing Data Loss Prevention (DLP), file blocking and forensics by simulating files moving through the network in a variety of formats, and via multiple application protocols.

 

• Simulating complex lifecycles of Advanced Persistent Threats (ATPs), understanding that many attacks are not a one-off affair and part of a longterm multi-stage campaign targeting your organization.

 

The following sections will explain how you can add each of these levels of realism to your continuous testing mix, and the value to your organization of ongoing, multi-faceted testing of security scenarios.

 

TESTING A COMPLETE SUITE OF ATTACK VECTORS

 

Most penetration tests are based on a limited number of attacks. They do not test all the possible threat vectors, not even a selection of the most important ones.

 

Network perimeter test software, such as BreakingPoint, uses powerful machines (either commodity boxes or specialized equipment) that can create a much broader variation of attacks at large scale. Attack testing involves generating thousands of exploits, containing signatures and live malware, to evaluate the perimeter’s ability to identify and block the different threat vectors.

 

A solution like BreakingPoint can generate more than 35,000 types of attacks within an hour, and can provide overall understanding of your strengths and weaknesses. Two examples:

 

• You may be well prepared to stop Hyptertxt Transfer Protocol (HTTP)-related attacks, however hackers can successfully deploy malware over Simple Mail Transfer Protocol (SMTP).

 

• The network can block attacks over Internet Protocol Version 4 (IPV4), but any attack over IPV6 can pass through.

×

Please have a salesperson contact me.

*Indicates required field

Preferred method of communication? *Required Field
Preferred method of communication? Change email?
Preferred method of communication?

By clicking the button, you are providing Keysight with your personal data. See the Keysight Privacy Statement for information on how we use this data.

Thank you.

A sales representative will contact you soon.

Column Control DTX