KuppingerCole Report
Leadership Brief
By Paul Simmonds

Penetration Testing Done Right

Penetration Testing should be a key part of any business's assurance process, providing a level on independent testing that they are not wide open to hackers or other malicious actors; however, a penetration test is not a simple “off-the-shelf” test and needs careful design and planning.
By Paul Simmonds
ps@kuppingercole.com

Content of Figures

  1. Figure 1 Survey - Which parts of your infrastructure do you test?
  2. Figure 2 Survey - At what intervals to you perform testing?

1 Executive Summary

When done well, the results from a penetration test should provide evidence that your security investments to date were well spent and help guide your ...

Login Free 30-day Select Access Get full Access

2 Analysis

Why perform a penetration test?

Organisations perform penetration tests (pen-tests) for a multitude of reasons: “I inherited a budget with an annu ...

While the periods between penetration tests also varied greatly.

The starting point for a penetration test

Define your business risks; you need to ...

If you think you have a 100% locked down network, or securely segmented network, or a segmented VoIP network, then you will probably want to test that ...

Login Free 30-day Select Access Get full Access

3 Recommendations

If your organization is architected with firewalls, then, at a minimum, you should conduct a penetration test against all your Internet-facing systems ...

Login Free 30-day Select Access Get full Access

4 Links to Related Research

Leadership Brief: Responding to Cyber Incidents - 80209 
Leadership Brief: Top Cyber Threats - 72574 
Leadership Brief: How to get a Grip on OT ...

Login Free 30-day Select Access Get full Access

Copyright

©2019 KuppingerCole Analysts AG all rights reserved. Reproduction and distribution of this publication in any form is forbidden unless prior written permission. All conclusions, recommendations and predictions in this document represent KuppingerCole´s initial view. Through gathering more information and performing deep analysis, positions presented in this document will be subject to refinements or even major changes. KuppingerCole disclaim all warranties as to the completeness, accuracy and/or adequacy of this information. Even if KuppingerCole research documents may discuss legal issues related to information security and technology, KuppingerCole do not provide any legal services or advice and its publications shall not be used as such. KuppingerCole shall have no liability for errors or inadequacies in the information contained in this document. Any opinion expressed may be subject to change without notice. All product and company names are trademarksTM or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.

KuppingerCole Analysts support IT professionals with outstanding expertise in defining IT strategies and in relevant decision-making processes. As a leading analyst ompany, KuppingerCole provides first-hand vendor-neutral information. Our services allow you to feel comfortable and secure in taking decisions essential to your business.

KuppingerCole Analysts, founded in 2004, is a global analyst company headquartered in Europe focusing on Information Security and Identity and Access Management (IAM). KuppingerCole stands for expertise, thought leadership, outstanding practical relevance, and a vendor-neutral view on the information security market segments, covering all relevant aspects like: Identity and Access Management (IAM), Governance & Auditing Tools, Cloud and Virtualization Security, Information Protection, Mobile as well as Software Security, System and Network Security, Security Monitoring, Analytics & Reporting, Governance, and Organization & Policies.

For further information, please contact clients@kuppingercole.com.

top