You may have heard a saying that goes “the paranoid survive”! If your responsibility is Cyber Security for a large enterprise or enterprises, then you would have heard about “Continuous Threat Exposure Management” or CTEM by now. Avoid a breach before it creeps up on your team!
The management part of this is important but what about Penetration Testing? Presently most companies do a Penetration Test once annually. Have you been wondering:
- What happens between Penetration Testing Projects or during them if it takes the team the entire year?
- When we do API updates, are we sure there is no exposure?
- Does this consider that your patches and upgrades are processed on a constant basis?
- Who is new on the admin team and do they understand our security protocol!
- What new applications have been installed, how often?
- Are all our third parties safe for us? Have they added a weak password in our environment?
- If new CVE’s are released daily, do we have any? Are they exploitable?
- When I get the “Penetration Testing Report”, is it even valid now? Or next week?
- Is continuous penetration testing something we should look at?
These are quite concerning considering your digital footprint is changing daily, maybe by the minute! If these points worry you, then you will be aware that compliance is also a requirement. In fact, it may be that compliance is a focus in the board room that outweighs these points. It shouldn’t but often it does! Missing a compliance deadline is nothing, until your enterprise experiences a breach!
Perhaps now you are already contemplating the value of CTEM with respect to Penetration Testing.
Click through to our site and see the white-paper.
Remain paranoid!
P.S. BTW, does anyone still think a vulnerability scan is a penetration test?
See more about RidgeBot