Securing business data

Dynamic Penetration Testing

CNS Dynamic Penetration Testing combines and enhances all the positives of Manual Penetration Testing and Automated Vulnerability Scanning, eliminates any of the negatives of both, and then layers effective remediation management (facilitated by the CNS Risk Profiling Algorithm) over the top. It is an ongoing, dynamic service that provides compelling perimeter monitoring using our Continuous Testing Services.

Our Dynamic Penetration Testing (DPT) service answers this security deficit by enabling companies to gain regular updates on the status of their security. The clever software interface aggregates multiple strands of security information, displaying it in an intuitive, easily accessible portal. DPT is about giving our clients context for the risks associated with the vulnerabilities found, whether individually, collectively or specifically to a host, data set or system.

Using the unique CNS Risk Profiling Algorithm, customer-centric risk factors, industry information and the CNS Cyber Intelligence Network, we are able to identify and prioritise where the client’s precious resources should be sent in order to get maximum risk reduction for minimum effort. DPT allows us to provide organisations with continuous assurance that their networks are secure.

What does peace of mind look like?

Here are some screenshots of the DPT interface, its current functionality and some recent additions available to current customers.

Real-time graphing of risk score changes - gives users up-to-the-minute information on changes that are occurring, whilst providing contextual information on issues that have occurred previously.

Risk overview - a breakdown of risk points by area, including a real-time graph, a list of all hosts within that area, and all issues affecting those hosts. The information provided gives the user a detailed understanding of the risk environment at a glance.

SSL issues - various SSL issues now include a list of non-compliant SSL ciphers to help with remediation of the SSL/TLS configuration. These lists are updated every time a host is scanned, so the user receives relevant SSL information, including what remediation needs to be put in place to alleviate the risk.

Software vulnerabilities - if an out-of-date piece of software is detected, its version number is shown to help track it down, alongside the recommended "fixed" version.

Regression - if an issue was closed and then detected again at a later date, it is flagged as a regression rather than a new issue. This can be handy in detecting failures of procedure, where a host VM has been rolled back to an earlier version, or where a gold image has not been updated.

Common Issues solved by Dynamic Penetration Testing

  • Issues & vulnerabilities repeat every year
  • Resolved issues reappear every year
  • In remediation there is a clear disconnect between the Application and Server teams, e.g. server builds
  • Reports identify too many issues - remediation time is spent chasing relatively low-level risks, not dealing with the root cause.
  • Tests/scans are not a realistic attack - it's not what hackers would do.

More Issues

  • Reports provide an objective view of the risks, value of data and assets. It is pen-tester-centric, not the client's view.
  • The customer has limited resources, which need to be spent in the most efficient manner.
  • Current tests report individual vulnerabilities and don't group or categorise them.
  • Often it takes 12 months (with change cycles) to fix things.
  • Lots of things are changing all the time - vulnerabilities, network, apps, IP ranges etc.
  • New vulnerabilities are found in each test, so effectively the results become dramatically out of date very quickly.
  • Reports are about individual vulnerabilities, not overall risk.
  • Risk is about something bad happening, not a technical issue.
