Expanded Definition: Penetration Testing

What is penetration testing?

To fully understand (and patch) the holes in their cybersecurity defenses, organizations will conduct what are essentially corporate-approved hacking attempts.

Called penetration testing, these attempts are carried out by a team of white hat hackers who try to break into an organization. They may combine a number of different attack methods, including:

  • Social engineering, such as phishing emails
  • Leaked or stolen credentials (often discovered via a dark web scan)
  • Software vulnerabilities, such as outdated operating systems or unpatched software
  • And more

The goal of these operations is to understand an organization’s vulnerabilities before a real threat actor can exploit them. With the rise of data breaches, many organizations request or even require routine penetration testing from partners, vendors, and other business players. Many leading cybersecurity frameworks and regulations may require penetration testing, too.

It’s important to note that penetration testing is not synonymous with the term vulnerability assessment, which may encompass penetration testing but is a separate term and set of processes.

The MSP role in penetration testing

Penetration testing is typically carried out by a specialty organization, so this is not something your managed service provider (MSP) business is likely to offer clients. However, MSPs can play an important role after a penetration test uncovers potential issues.

Once organizations understand the ways in which a hacker could break into their systems, they can take steps to address the issue. Remediating issues uncovered via penetration testing can include:

  • Upgrading IT systems and endpoints
  • Implementing better software patch management
  • Disabling unused or unnecessary ports, protocols, and services
  • Implementing new controls, such as multi-factor authentication (MFA) or two-factor authentication (2FA)

Many of these activities are the bread and butter of MSPs.

Timely patching

Hackers often exploit vulnerabilities in widely-used software to perpetrate attacks. This is why good patch management — a core service for MSPs — is so important.

By patching both operating systems and software (including third-party software) MSPs can support their clients’ cybersecurity programs. Ensuring that all devices are running updated, patched software, reduces the risk of this vector. With a good remote monitoring and management (RMM) tool, MSPs can put this task on autopilot with automation, too, saving on technician time and ensuring that patches are deployed immediately.

IT asset monitoring and management

Assets leave and join corporate networks constantly, especially in a remote work environment where workers may be using personal devices (such as mobile phones) to conduct work activities. MSPs can support cybersecurity with great IT discovery and asset management.

This can include:

Ports, protocols, and services

Vulnerable ports, protocols, and services are some of the most exploited items hackers use to gain access to corporate networks and systems. That’s why the penetration test report generated by the third-party organization will contain a list of open ports, protocols and services running within your clients’ networks.

MSPs must evaluate this list to determine whether these items should remain enabled. For those not needed, MSPs should take immediate action to disable the port, protocol, or service and set up proper logging and alerting if they are re-enabled within the environment.

It’s also important to note that obfuscating ports or protocols simply by changing their port numbers is not a security best practice. That’s because a free tool like Network Mapper can identify Remote Desktop Protocol running on a different port other than default port 3389. Instead, organizations should keep the default ports in place and set up monitoring and alerting to detect if they are exploited.

Password control

As any MSP knows, password issues are one of the most common causes of tickets. They’re also a big vulnerability.

According to the 2020 Verizon Data Breach Investigations report, if a data breach involved hacking tactics, stolen credentials or brute force measures were used 80% of the time. This just goes to prove that passwords don’t get a pass when it comes to cybersecurity.

Improving and managing passwords is important. Many people reuse passwords across personal and work accounts, which means they’re a vulnerability when passwords are compromised during data breaches (even at non-work companies or apps).

MSPs can help organizations with better password controls by:

Did you know?

Hacking techniques—such as accessing systems via stolen credentials or vulnerabilities—are used in 45% of data breaches.

Additional resources

blog icon The Top 6 Vulnerability Management Best Practices to Know

Managing vulnerabilities is an ongoing and crucial part of any organization’s cybersecurity defenses. Learn about a few of the best practices that MSPs can use to manage their own vulnerabilities and to help clients, too.

Blog post >>
toolbox icon ConnectWise Cybersecurity Starter Kit

Want to get started selling cybersecurity? We’ve put together a kit to help. Download the kit today for helpful resources that will transform your business from an MSP to an MSP+ model, including educational information for your SMB customers, templates, and more.

Kit >>
work plan icon The SMB Cybersecurity Checklist

How secure are your SMB clients? Chances are, they may not fully understand their risks and exposures. Use this 30-item checklist to start the conversation around cybersecurity, help them understand the cybersecurity landscape, and assess their security postures

Checklist >>
reporting icon Creating Opportunity from Adversity: The State of SMB Cybersecurity in 2020

SMBs are not immune from cybersecurity risks—quite the contrary. Our 2020 survey of 700 SMB decision makers uncovered interesting findings about how these businesses are thinking about cybersecurity, their spending plans, and what motivates them when it comes to security.

Report >>
ebook icon The Security Journey Self Assessment

Wondering where you stand in your cybersecurity journey? Take this assessment to understand how advanced your cybersecurity knowledge is and to identify areas where you can expand upon your understanding of key cybersecurity concepts and precautions.

eBook >>
blog icon How to Train MSP Employees on Cybersecurity

Cybersecurity is a key area of expansion and demand for MSPs, but it is a specialty. Technicians and other employees may not have the skills or knowledge about cybersecurity yet. This blog post walks through some of the key ways you can bring your MSP employees up to speed on cybersecurity.

Blog post >>