Q

Are penetration tests essential for enterprise network security?

Penetration testing can provide valuable information on the state of your security defenses, but it's quite expensive. In this expert Q&A, Mike Chapple explains whether an organization should make the move.

How large of a role should penetration testing have in an enterprise network security strategy?
Penetration testing can provide valuable information on the state of your security defenses, but it's quite expensive. For a penetration test to have credibility, it usually must be performed by an independent, outside firm. If you use insiders and the tests demonstrate vulnerabilities, you'll hear criticisms that the testers must have taken advantage of their insider information and knowledge of the infrastructure in an attempt to swell security budgets. On the other hand, if the tests show that all's well, you'll be criticized for conducting a test that isn't thorough enough. That's certainly a catch-22 if I've ever seen one!

Due to the high cost of penetration testing, I usually recommend that mature security programs consider it. If you're currently building up your security infrastructure and lacking several major pieces, invest your budget there first. Otherwise, the penetration test will only uncover vulnerabilities that you're already aware of. On the other hand, if you deploy penetration testing to evaluate a fully implemented infrastructure, you...

might gain valuable insight on potential weaknesses.

More information:

  • Michael Cobb provides tips on how to select a penetration tester.
  • Learn how to pen test a VPN.
  • This was first published in July 2007
    This Content Component encountered an error

    Pro+

    Features

    Enjoy the benefits of Pro+ membership, learn more and join.

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    0 comments

    Oldest 

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    -ADS BY GOOGLE

    SearchCloudSecurity

    SearchNetworking

    SearchCIO

    SearchConsumerization

    SearchEnterpriseDesktop

    SearchCloudComputing

    ComputerWeekly

    Close