What is penetration testing?
To fully understand (and patch) the holes in their cybersecurity defenses, organizations will conduct what are essentially corporate-approved hacking attempts.
Called penetration testing, these attempts are carried out by a team of white hat hackers who try to break into an organization. They may combine a number of different attack methods, including:
- Social engineering, such as phishing emails
- Leaked or stolen credentials (often discovered via a dark web scan)
- Software vulnerabilities, such as outdated operating systems or unpatched software
- And more
The goal of these operations is to understand an organization’s vulnerabilities before a real threat actor can exploit them. With the rise of data breaches, many organizations request or even require routine penetration testing from partners, vendors, and other business players. Many leading cybersecurity frameworks and regulations may require penetration testing, too.
It’s important to note that penetration testing is not synonymous with the term vulnerability assessment, which may encompass penetration testing but is a separate term and set of processes.
The MSP role in penetration testing
Penetration testing is typically carried out by a specialty organization, so this is not something your managed service provider (MSP) business is likely to offer clients. However, MSPs can play an important role after a penetration test uncovers potential issues.
Once organizations understand the ways in which a hacker could break into their systems, they can take steps to address the issue. Remediating issues uncovered via penetration testing can include:
- Upgrading IT systems and endpoints
- Implementing better software patch management
- Disabling unused or unnecessary ports, protocols, and services
- Implementing new controls, such as multi-factor authentication (MFA) or two-factor authentication (2FA)
Many of these activities are the bread and butter of MSPs.
Timely patching
Hackers often exploit vulnerabilities in widely-used software to perpetrate attacks. This is why good patch management — a core service for MSPs — is so important.
By patching both operating systems and software (including third-party software) MSPs can support their clients’ cybersecurity programs. Ensuring that all devices are running updated, patched software, reduces the risk of this vector. With a good remote monitoring and management (RMM) tool, MSPs can put this task on autopilot with automation, too, saving on technician time and ensuring that patches are deployed immediately.
IT asset monitoring and management
Assets leave and join corporate networks constantly, especially in a remote work environment where workers may be using personal devices (such as mobile phones) to conduct work activities. MSPs can support cybersecurity with great IT discovery and asset management.
This can include:
Ports, protocols, and services
Vulnerable ports, protocols, and services are some of the most exploited items hackers use to gain access to corporate networks and systems. That’s why the penetration test report generated by the third-party organization will contain a list of open ports, protocols and services running within your clients’ networks.
MSPs must evaluate this list to determine whether these items should remain enabled. For those not needed, MSPs should take immediate action to disable the port, protocol, or service and set up proper logging and alerting if they are re-enabled within the environment.
It’s also important to note that obfuscating ports or protocols simply by changing their port numbers is not a security best practice. That’s because a free tool like Network Mapper can identify Remote Desktop Protocol running on a different port other than default port 3389. Instead, organizations should keep the default ports in place and set up monitoring and alerting to detect if they are exploited.
Password control
As any MSP knows, password issues are one of the most common causes of tickets. They’re also a big vulnerability.
According to the 2020 Verizon Data Breach Investigations report, if a data breach involved hacking tactics, stolen credentials or brute force measures were used 80% of the time. This just goes to prove that passwords don’t get a pass when it comes to cybersecurity.
Improving and managing passwords is important. Many people reuse passwords across personal and work accounts, which means they’re a vulnerability when passwords are compromised during data breaches (even at non-work companies or apps).
MSPs can help organizations with better password controls by:
