2-10: Penetration Testing

The objective for domain 2-10, The National Cybersecurity Authority states:

“To assess and evaluate the efficiency of the organization’s cybersecurity defense capabilities through simulated cyber-attacks to discover unknown weaknesses within the technical infrastructure that may lead to a cyber-breach.”

Having effective penetration testing can be crucial to discover weaknesses that may have passed undetected. Tenable allows an organization to identify exploitable vulnerabilities and assists a penetration testing team to effectively plan simulated cyber-attacks that discover unknown weaknesses within the technical infrastructure that may lead to a cyber-breach.

Exploits leveraged in attacks are imported into various tools and services when the attack is made public. Common exploit frameworks are easy to obtain and are used by both security researchers and malicious attackers. Security analysts can effectively reduce risk to the organization by analyzing an exploit's source tool and the most common targets. Tenable Vulnerability Management provides security operations teams a centralized view of common vulnerabilities and exploit frameworks present in the organization’s environment.

Many organizations conduct internal red team (offense) and blue team (defense) exercises to gain insight into their exposures to attackers and their ability to defend against attacks. These exercises are a great way to harden the infrastructure before an official audit or malicious attack occurs. Having detailed information about exposures in the infrastructure before commencing such exercises enables red and blue teams to more effectively uncover exposures that a sophisticated auditor or attacker would find. While exploit frameworks are a great start, they are simply tools that are only as effective as the skill of the person using the frameworks.

Using the Pen Testing Team: One-Stop-Shop Tenable Vulnerability Management dashboard to drill down into the Explore Findings view displays other attributes such as CPE, VPR Key Drivers, and CVSS Vectors. Each of these filters helps red and blue teams to narrow their focus and discover risks that may require prioritization over other vulnerabilities.

Vulnerabilities can also be widely exploited shortly after publication as malware authors reverse engineer the fix and develop '1-day exploits' that can be used to attack organizations. Tenable Vulnerability Management easily identifies assets most vulnerable to malware and other exploitation frameworks. This dashboard provides the necessary context to understand which assets are vulnerable to malware exploitation. Organizations can better communicate cyber risk to the business by supplying context and associated metrics.