Ben Downton, Principal Security Consultant
The term penetration test has long been used by the security industry to mean anything from an elite assessment that simulates a real-life attack, to little more than an analyst pressing 'start' and 'stop' on an off-the-shelf scanning solution.
It’s important for organizations to be informed, so they can make better risk-based decisions. With that in mind, here are four different levels of security assessment that organizations can employ, along with their appropriate uses:
A vulnerability assessment makes use of automated tools to identify technical vulnerabilities in systems, either through their configuration or maintenance. These vulnerabilities are found by testing for known conditions, and are typically related to outdated software or default configurations that can be actively exploited.
A system-driven penetration test builds on the vulnerability assessment by performing additional manual security testing. This involves exploring any exploitable vulnerabilities further to compromise the system or information exposed. It also identifies whether any access gained could be used as a pivot to target further systems.
As the name suggests, a goal-driven penetration test looks at attacker goals, not IT systems. The penetration test then seeks to achieve these goals through various means, identifying which attack paths are viable to achieve such a goal and which aren’t.
The scope is much broader (usually the entire organization) and is supported with knowledge of the organization, but it provides a more realistic view of how an attack would be conducted.
A targeted attack simulation (TAS) looks to achieve the same objectives as the goal-driven penetration test but is conducted in line with how a real cyber attack would occur.
All stages of an attack, from target enumeration through to post-exploitation and exfiltration of data, are executed. Acting with a degree of stealth allows the organization to determine not only whether an attack is possible, but also whether its capabilities are sufficient to detect and respond to the attack within a reasonable time frame.