Why Modern Penetration Testing Services Need a Data Driven Approach

BreachLock Attack Surface Discovery Blog Series (2 of 6)

Guest Author: Edward Amoroso
Chief Executive Officer, TAG Infosphere
Research Professor, NYU

The traditional view most practitioners have regarding penetration testing involves the creative hacker, working in an unbounded and unstructured environment trying to locate bugs, exploitable vulnerabilities, or other gaps in a security surface. This is certainly reasonable in many contexts, because removing structure from the test environment does allow for exploration of unusual or uncommon attack paths.

That said, we believe modern penetration testing will benefit considerably from incorporating a more data-driven approach. Such attention would be designed to improve the effectiveness of the tester rather than to introduce constraints. We believe that the increased context that comes from using data, and specifically data in the context of a world-class platform, will increase the value of the results found during penetration testing.

Penetration Testing

Key aspects of modern penetration testing include many useful and creative tasks that help to identify and reduce vulnerabilities and risks to the enterprise, especially ones that can be exploited by external actors on the Internet. Some typical aspects of modern penetration testing, whether done using internal employees or an external consulting firm, include the following key functions:

  • Identification of Vulnerabilities – Penetration testing simulates real-world attacks that malicious actors could exploit. As any cyber practitioner will attest, this is the primary reason most enterprise teams engage in such testing.
  • Assessment of Risk – Penetration testing, when curated over time in combination with the context of the asset, can help assess exploitable risks. This is key, because many risk-related tasks are notional, so the tangible results from testing are especially helpful.
  • Provide Evidence of Risk – Penetration tests can serve as tangible proof-of-concept evidence of risk and vulnerabilities. This is helpful when business unit leaders are not sufficiently attentive to security. Test results can drive them to action.

The challenge with traditional penetration testing is that manual projects can often be ad hoc in how they are set up and often sporadic in their frequency. One recommended approach to improving the structure and purpose of penetration testing, especially in the context of platform support, involves focusing more on data as a means for driving test strategy. This allows for data analytics to become woven into the test design, interpretation, and action.

Data Driven Approaches

As suggested above, a more data-driven decision-making approach to penetration testing is important to any enterprise program taking a more offensive approach. Key aspects of a data driven approach to offensive security include attention to the following areas of the protection ecosystem:

  • Threat Intelligence – Data analytics enables organizations to collect, process and analyze threat intelligence. By monitoring indicators of compromise (IoCs), attack patterns and vulnerabilities, defenders gain real-time insights.
  • Behavioral Analytics – Understanding user behavior is crucial. Data-driven models detect anomalies, flagging suspicious activities. For instance, sudden spikes in data exfiltration or unusual login patterns trigger alerts.
  • Automated Incident Response – Data-driven decision-making streamlines incident response. Artificial intelligence (AI) and machine learning (ML) algorithms can analyze historical attack data, predict attack vectors, and recommend optimal responses.

Integrating Data Driven Approaches to Penetration Testing

Ultimately, the objective is to combine a data-driven approach with the penetration testing strategy of an organization. This requires attention from management to ensure that coordination is in place between the different groups operating different aspects of the security infrastructure (e.g., threat intelligence, incident response). But it also requires coordination with a world-class vendor who can provide continuous, automated support for this integration goal.

How BreachLock Supports a Data Driven Approach

The commercial BreachLock platform serves as an excellent means for combining continuous attack surface discovery with advanced penetration testing in the context of a data-driven approach. The platform uses collected data to help in-house penetration testing experts make well-informed decisions around vulnerability identification, prioritization, and mitigation. The result is an integrated approach to offense and defense.

The objective for enterprise teams should be to find a healthy balance in how they leverage the creative output of offensive security with the dependable support of a commercially supported platform. BreachLock has developed the type of offering that helps customers achieve this balance with attention, as suggested above, to a data-driven approach to test strategy, design, and implementation.

About BreachLock

BreachLock is a global leader in Continuous Attack Surface Discovery and Penetration Testing. Continuously discover, prioritize, and mitigate exposures with evidence-backed Attack Surface Management, Penetration Testing, and Red Teaming.

Elevate your defense strategy with an attacker’s view that goes beyond common vulnerabilities and exposures. Each risk we uncover is backed by validated evidence. We test your entire attack surface and help you mitigate your next cyber breach before it occurs.

Know your risk. Contact BreachLock today!

About TAG

TAG is a trusted next generation research and advisory company that utilizes an AI-powered SaaS platform to deliver on-demand insights, guidance, and recommendations to enterprise teams, government agencies, and commercial vendors in cybersecurity, artificial intelligence, and climate science/sustainability.

Author

Ann Chesbrough
