As our cyber offering continues to expand, we have also invested heavily into technology that enhances our overall offering, especially in education, where we work with resellers who deliver solutions for schools and colleges. One area we have recently focused on is penetration testing and the ongoing need to secure networks. Here’s the thought process behind our latest solution – Cyber Test.
What is Penetration Testing, and what does it cost?
Penetration testing is the systematic process of identifying and exploring vulnerabilities in your networks and software, to enable vulnerabilities to be eliminated. It can include testing your processes and your human resilience.
This is a rather open-ended description and many engagements begin with a few days of ‘scoping’. This involves chewing through the budget to decide what should be tested and how, rather than actually testing anything.
CyberTest has been designed specifically for schools, to fit school budgets. We provide you with a scope, which defines what we will test and how we will test it. If you are happy we can go ahead.
When should you have a Penetration Test?
A penetration test only validates that your organisation’s IT systems are not vulnerable to known issues on the day of the test. Or more likely, it identifies vulnerabilities discovered on the day of the test.
That’s why regular penetration testing is recommended. If your processes are immaculate, and all systems are covered by your processes, then your test results should be clean. But the longer the gap between tests, the longer a process error or vulnerability will remain undiscovered.
CyberTest is a continuous testing process, monitoring in real-time whether systems are vulnerable to known issues.
What should be included in a Penetration Test?
This is what the scoping process of your penetration test is supposed to define. You tell the testers what you want them to test. The problem here is that the systems associated with your organisation that you know about are probably the systems that you maintain well. It’s like asking someone to test that you have locked the front door, the back door and all the windows, then finding that the lawnmower has been stolen from your shed.
CyberTest operates a continuous process of discovery, finding all the internet-facing systems belonging to your school, and testing them… continuously.
What are the deliverables and what should I do with them?
A penetration test should identify things which make your systems vulnerable to attack. These could be locations of your cloud systems, known vulnerabilities, configuration problems, exposed services, encryption issues, or other hygiene issues which make you more vulnerable to attack.
It should categorise and prioritise the observations and make recommendations for remediation.
This is how CyberTest works. Our consultants use automated tools supplemented with human analysis and comment. As part of the continuous process of discovery and testing, we also report on how long discovered vulnerabilities remain, and which have been fixed
What Can I do Today – For Free?
Get in touch with us, we will run an initial assessment and give your network a vulnerability score.
You can then decide whether you want to employ the Cyber Test service, in which case you will be introduced to one of our specialist resellers who can provide more details and costs.