To explain automated penetration testing, first we must briefly explain penetration testing. A penetration test is a process where a skilled security tester attempts to find weaknesses, and breach the security of your systems. An automated penetration test is just an automated version of this, right?
Well, yes, sort of! In reality penetration tests involve a range of activities, some of which are manual and some of which can and should be automated. For example, when guessing passwords, a human tester might look at the individuals in a company, and tailor some of their guesses based on birthdays or pets’ names found online; they might even manipulate the company name or office address in the hope it might yield something interesting. However, when it comes to detecting known software flaws – like a server that’s missing security patches, common passwords, or unintended exposure to the internet – this can and should be automated. The tools that find these flaws are actually used by penetration testers, and so are sometimes called automated pen-testing tools, or online penetration testing tools, but are most commonly known as vulnerability scanners.
Historically, penetration tests were usually carried out once or twice per year. However, as the prevalence of automated attacks increases, businesses can no longer afford to rely on one or two check-ups per year. As a result, they are looking for more automated penetration testing tools (which we now know are also called vulnerability scanners). Intruder is an example of a vulnerability scanner, offering year-round protection from opportunistic attackers.
Intruder works seamlessly with your technical environment to test your systems for security from the same perspective (the internet) as the people who are looking to compromise it, using industry leading penetration testing software (software used by penetration testers) under the hood. While there are a few options available for using online penetration testing tools, Intruder is designed to be simple and fast, so you can get set-up and protected in little to no time.
What's more, Intruder includes Emerging Threat Scans, which proactively check your systems for newly discovered vulnerabilities soon after they are disclosed. It may not be a fully automated penetration test, but it certainly is like having an automated penetration tester watching over your systems! This feature is just as valuable to small businesses as it is to large enterprises as it mitigates the manual effort required to stay abreast of the latest threats. Protecting your systems is a far less daunting task when you have an automated tool monitoring between manual assessments.
Intruder uses the same underlying scanning engine that the big banks do, so you can enjoy high quality automated security checks, without the complexity. As part of our commitment to simplicity, we use a proprietary noise reduction algorithm which separates the informational from the actionable – so you can focus on what really matters to you and your business.
Intruder ensures that your systems are being continuously monitored for a spectrum of vulnerabilities, including web-layer security problems (such as SQL injection and cross-site scripting); infrastructure weaknesses (such as remote code execution flaws); and other security misconfigurations (such as weak encryption, and services that are unnecessarily exposed). A comprehensive list of all ~140,000 checks can be found in the Intruder portal.
Scan results from other automated security testing tools can be challenging for those who are new to the world of security. Conversely, Intruder’s reports are easy to navigate, interpret and action – offering context for what could really happen if the issues we find were exploited. Moreover, the language we use deliberately strikes a careful balance between concise and coherent (for the less tech-savvy), but thorough enough that the team responsible for remediation have everything they need to ensure your systems remain secure. For this reason, using Intruder could be compared to having had an automated penetration test – as what penetration testers often do is take the results from a vulnerability scanner, interpret them by filtering out the noise, and present them in a more readable way. Exactly what we do, but in an automated way.
Want to find weaknesses that evade the capabilities of automated tools? Intruder’s expert team proactively seek out weaknesses within the assets under the protection of the Vanguard solution - even closer to what you might want from an automated penetration test. Our team will analyze your scan results considering the business context of each vulnerability; reducing the number of false positives and finding dangerous vulnerabilities that are not apparent to automated scanners.
Using clever automation, we make it possible to do this year-round, so that automated penetration testing dream is one step closer to reality.
Find out more.
.svg)
.png){kind=logo}
