Pentesting as a service is quickly becoming a more advantageous way of securing a company’s internet presence. While the degree of protection needed differs for each business, one thing is clear: we are not doing enough.
IT leadership is beginning to realize that one pentest a year is not enough. What happens if an engineer makes a configuration mistake that exposes your environment one week after your pentest has been completed? You are basically exposed for a whole year if your vulnerability scans do not detect the issue.
Theoretically, you would like to test after every change window. That would have been cost-prohibitive in the past. However, several companies on the cutting edge are automating the pentest process. Pentesting is already done using a series of open-source technologies. These companies use the same tools but automate the thought process an engineer would follow to perform a manual test.
Once configured, a test can be run simply by pressing a button, so costs will be dramatically reduced. We can then have the jobs run routinely, testing your environment after every change. When new systems are brought online, you can have those systems tested before they go live.
Pentesting as a service is currently offered by a number of companies in this automated fashion. It’s only a matter of time before industry leaders start taking advantage of these technologies. Unfortunately, many organizations implement only the tools required for compliance, but organizations that are serious about data security will gravitate towards technologies like these, which make a security program more effective.