Once upon a time…
Our mission from day one has been to help bridge the security preparedness gap between small businesses and large enterprises. We’ve scanned tens of hundreds of thousands of networks and devices, using the data to build more intelligent threat detection models capable of predicting attacks with greater accuracy than typical severity scoring does to protect small businesses in a cost-effective way on an increasingly dangerous internet.
Before attempting to bring sanity and business acumen to vulnerability management, our founder worked as an infrastructure engineer for large media conglomerates and later building security infrastructure for law enforcement to protect their emergency dispatching systems and eventually concluded there was really no “9-1-1 for cybersecurity”. Not yet, anyway…
Vulnerability Management and Penetration Testing have gained high importance especially in the last couple of years. Organizations often have a complex network of assets storing sensitive data. Such assets are exposed to potential threats from inside as well as from outside the organization.
To get an overview of the security posture of the organization, conducting a vulnerability assessment is essential. This is what our SaaS does for our customers to assess their security posture without crossing the line into breaking and entering private property.
It is important to understand the clear difference between vulnerability assessments and penetration testing. To understand this difference, let’s consider a real-world scenario. You notice that your neighbor’s door isn’t locked properly, and the neighbor is not at home. This is a vulnerability assessment. Now if you actually open the neighbor’s door and enter the house, then that is a penetration test. In an information security context, you may notice that the SSH service is running with weak credentials; this is part of a vulnerability assessment.
If you actually use those credentials to gain access, then it is a penetration test. Vulnerability assessments are often safe to perform, while penetration tests, if not performed in a controlled way, can cause serious damage on the target systems.
Thus, a vulnerability assessment is one of the essential prerequisites for conducting a penetration test. Unless you know what vulnerabilities exist on the target system, you won’t be able to exploit them.
Performing penetration tests requires a well-planned and methodological approach. It is a multistep process which goes something like this.
- Information gathering:
is the most important phase of the penetration testing lifecycle. This phase is also referred to as reconnaissance. It involves the use of various passive and active techniques to gather as much information as possible about the target system. Detailed information gathering lays a solid foundation for further phases in the penetration testing lifecycle.
- Enumeration: Once you have basic information about the target, the enumeration phase uses various tools and techniques to probe the target in detail. It involves finding out the exact service versions running on the target system.
- Vulnerability assessment: The vulnerability assessment phase involves the use of various tools and methodologies to affirm the existence of known vulnerabilities in the target system.
- Gaining access: From the previous phase, you have a list of probable vulnerabilities for your target. You can now attempt to exploit these vulnerabilities to gain access to the target system.
- Escalating privileges: You may get access to your target system by exploiting a particular vulnerability; however, the access may be restricted. To infiltrate deeper, you need to use various techniques and escalate the privileges to that of highest level such as administrator, root, and so on.
- Maintaining access: Now that you have worked hard gaining access to the target system, you will certainly want it to persist. This phase involves using various techniques to make the access to the target system persistent.
- Covering tracks: The penetration process may create garbage files, modify configuration files, change registry entries, create audit logs, and so on. Covering your tracks involves cleaning up all the traces left during the
ZEPSEC offers companies a way to conduct their own vulnerability management in a way that can be understood by all and integrated with existing tools to deliver transparency into the management of your security.
Get in touch to discuss how we can help!