Expanded Definition: Penetration Testing
What is penetration testing?
To fully understand (and patch) the holes in their cybersecurity defenses, organizations will conduct what are essentially corporate-approved hacking attempts.
Called penetration testing, these attempts are carried out by a team of white hat hackers who try to break into an organization. They may combine a number of different attack methods, including:
- Social engineering, such as phishing emails
- Leaked or stolen credentials (often discovered via a dark web scan)
- Software vulnerabilities, such as outdated operating systems or unpatched software
- And more
The goal of these operations is to understand an organization’s vulnerabilities before a real threat actor can exploit them. With the rise of data breaches, many organizations request or even require routine penetration testing from partners, vendors, and other business players. Many leading cybersecurity frameworks and regulations may require penetration testing, too.
It’s important to note that penetration testing is not synonymous with the term vulnerability assessment, which may encompass penetration testing but is a separate term and set of processes.
The MSP role in penetration testing
Penetration testing is typically carried out by a specialty organization, so this is not something your managed service provider (MSP) business is likely to offer clients. However, MSPs can play an important role after a penetration test uncovers potential issues.
Once organizations understand the ways in which a hacker could break into their systems, they can take steps to address the issue. Remediating issues uncovered via penetration testing can include:
- Upgrading IT systems and endpoints
- Implementing better software patch management
- Disabling unused or unnecessary ports, protocols, and services
- Implementing new controls, such as multi-factor authentication (MFA) or two-factor authentication (2FA)
Many of these activities are the bread and butter of MSPs.
Hackers often exploit vulnerabilities in widely-used software to perpetrate attacks. This is why good patch management — a core service for MSPs — is so important.
By patching both operating systems and software (including third-party software) MSPs can support their clients’ cybersecurity programs. Ensuring that all devices are running updated, patched software, reduces the risk of this vector. With a good remote monitoring and management (RMM) tool, MSPs can put this task on autopilot with automation, too, saving on technician time and ensuring that patches are deployed immediately.
IT asset monitoring and management
Assets leave and join corporate networks constantly, especially in a remote work environment where workers may be using personal devices (such as mobile phones) to conduct work activities. MSPs can support cybersecurity with great IT discovery and asset management.
This can include:
- Identifying every device that joins the network
- Automatically deploying agents to each endpoint
- Monitoring endpoints 24/7
- Responding quickly to abnormal behavior
- Replacing devices when they reach end-of-life status
- And more
Ports, protocols, and services
Vulnerable ports, protocols, and services are some of the most exploited items hackers use to gain access to corporate networks and systems. That’s why the penetration test report generated by the third-party organization will contain a list of open ports, protocols and services running within your clients’ networks.
MSPs must evaluate this list to determine whether these items should remain enabled. For those not needed, MSPs should take immediate action to disable the port, protocol, or service and set up proper logging and alerting if they are re-enabled within the environment.
It’s also important to note that obfuscating ports or protocols simply by changing their port numbers is not a security best practice. That’s because a free tool like Network Mapper can identify Remote Desktop Protocol running on a different port other than default port 3389. Instead, organizations should keep the default ports in place and set up monitoring and alerting to detect if they are exploited.
As any MSP knows, password issues are one of the most common causes of tickets. They’re also a big vulnerability.
According to the 2020 Verizon Data Breach Investigations report, if a data breach involved hacking tactics, stolen credentials or brute force measures were used 80% of the time. This just goes to prove that passwords don’t get a pass when it comes to cybersecurity.
Improving and managing passwords is important. Many people reuse passwords across personal and work accounts, which means they’re a vulnerability when passwords are compromised during data breaches (even at non-work companies or apps).
MSPs can help organizations with better password controls by:
Did you know?
Hacking techniques—such as accessing systems via stolen credentials or vulnerabilities—are used in 45% of data breaches.
Managing vulnerabilities is an ongoing and crucial part of any organization’s cybersecurity defenses. Learn about a few of the best practices that MSPs can use to manage their own vulnerabilities and to help clients, too.
Want to get started selling cybersecurity? We’ve put together a kit to help. Download the kit today for helpful resources that will transform your business from an MSP to an MSP+ model, including educational information for your SMB customers, templates, and more.
How secure are your SMB clients? Chances are, they may not fully understand their risks and exposures. Use this 30-item checklist to start the conversation around cybersecurity, help them understand the cybersecurity landscape, and assess their security postures
SMBs are not immune from cybersecurity risks—quite the contrary. Our 2020 survey of 700 SMB decision makers uncovered interesting findings about how these businesses are thinking about cybersecurity, their spending plans, and what motivates them when it comes to security.
Wondering where you stand in your cybersecurity journey? Take this assessment to understand how advanced your cybersecurity knowledge is and to identify areas where you can expand upon your understanding of key cybersecurity concepts and precautions.
Cybersecurity is a key area of expansion and demand for MSPs, but it is a specialty. Technicians and other employees may not have the skills or knowledge about cybersecurity yet. This blog post walks through some of the key ways you can bring your MSP employees up to speed on cybersecurity.