Problem solve Get help with specific problems with your technologies, process and projects.

Are penetration tests essential for enterprise network security?

Penetration testing can provide valuable information on the state of your security defenses, but it's quite expensive. In this expert Q&A, Mike Chapple explains whether an organization should make the move.

How large of a role should penetration testing have in an enterprise network security strategy?
Penetration testing can provide valuable information on the state of your security defenses, but it's quite expensive. For a penetration test to have credibility, it usually must be performed by an independent, outside firm. If you use insiders and the tests demonstrate vulnerabilities, you'll hear criticisms that the testers must have taken advantage of their insider information and knowledge of the infrastructure in an attempt to swell security budgets. On the other hand, if the tests show that all's well, you'll be criticized for conducting a test that isn't thorough enough. That's certainly a catch-22 if I've ever seen one!

Due to the high cost of penetration testing, I usually recommend that mature security programs consider it. If...

you're currently building up your security infrastructure and lacking several major pieces, invest your budget there first. Otherwise, the penetration test will only uncover vulnerabilities that you're already aware of. On the other hand, if you deploy penetration testing to evaluate a fully implemented infrastructure, you might gain valuable insight on potential weaknesses.

More information:

  • Michael Cobb provides tips on how to select a penetration tester.
  • Learn how to pen test a VPN.
  • This was last published in July 2007

    Dig Deeper on Penetration testing, ethical hacking and vulnerability assessments

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

    Please create a username to comment.