PenTesting, no longer a nice to have. It's a MUST.
Updated: Feb 6
With remote working being the major shift in IT Service provisioning in 2020, the emphasis has been on ensuring the entrances into the corporate infrastructure are secure, sound and solid.
These entrances, known in the cyber security world as attack surfaces, have changed dramatically due to the increase in remote workers accessing IT services.
What really changed?
Remote access in the pre-pandemic era was mostly provided to a known group of employees and contractors. In many cases corporate devices were supplied, with installed AV and malware protection software, the latest patches on the firmware and secured by a proper password. Virtual Private Network (VPN) software automatically kicked in when connected to an unknown Wi-Fi or cellular network, ensuring end-to-end encrypted data exchange, countering any man-in-the-middle eavesdropping.
In the new normal (pandemic and post-pandemic) there has been a huge shift in remote access. Employees who normally use a secured desktop office PC are told to stay away from the office and work from home.
Most companies have limited budgets and no provisioning to deploy corporate systems at scale for home usage. The result: working from home meant using personal computers and mobile devices. More on this topic in one of our other blogs: https://www.hexaport.io/post/working-from-home-your-pc-may-not-be-secure-enough
You Cannot Manage What You Cannot See
To understand the level of vulnerability, one needs to know the baseline of the current state of security. Ways to establish that baseline are through audits or security scans, using services generally known as Security Vulnerability and Penetration Testing.
These scans or tests will enable organizations to create a security baseline and to manage security with the newly acquired visibility, preferably on a regular basis.
A numbers game
Unfortunately, Penetration Testing has a somewhat bad rap in the industry. It's perceived as expensive, invasive and resource-intensive to perform. External experts sit behind screens with data pouring in from tests, analyzing the numbers and finding loopholes. And PenTests require in-house staff to perform these activities, taking them away from regular daily tasks. It's just too much...(sigh)
That is exactly what the bad actors, those criminal organizations, are betting on. It's not a matter of IF you're attacked, but WHEN. The dark web cyber world has the money, knowledge and means to outsmart us. They are well funded and have the upper hand, unless...
Enter PenTest 2.0, a new approach. We're able to apply Artificial Intelligence (AI) and Machine-Learning (ML) based PenTest tools and methods. We're able to run thousands of simultaneous tests, testing firewall rules and policies, user authentication and identifying use of weak passwords, patterns in usernames and login access codes. All within the realm of 'white hat hacking', intended to establish this much needed and complete security baseline.
Using AI and ML, we're able to offer lower-cost PenTest services and faster results, accessible to SMB as well as Large Enterprise customers.
When to start
Hexaport works with leading vendors in the industry to conduct a full PenTest 2.0 including reconnaissance, vulnerability scanning, exploitation and remediation as well as reporting.
This services-based offering allows our customers to run more frequent PenTests, with fast turn-around and a scalable approach.
We offer quarterly Quick-Scans, annual in-depth analysis, a cloud-based portal for reporting and expert advice and remediation services.
Contact us to learn more at https://www.hexaport.io/