Penetration testing – Is the end in sight?

Written by Chris Marrison, EMEA Technical Director, Infoblox

With the attack surface, or perimeter, expanding exponentially, and attackers inside the network, the focus should now be on finding and stopping them – concentrating on how data leaves the system – says Chris Marrison

Penetration testing is the practice of examining an IT network to identify vulnerabilities that could be exploited by an attacker seeking to gain access.

Potential entry points can be detected by carrying out ‘white hat’ attacks on externally-facing parts of an organisation’s infrastructure, such as its web servers, email servers, and firewalls.

But these potential entry points are increasing in number as networks expand both in size and complexity.

BYOD, the cloud, and shadow IT are among the recent phenomena that have led to an increase in the number of devices connected to networks, each one using a growing range of business and personal applications.

The addition of so many devices and applications means that network boundaries have expanded to such an extent that they have almost dissolved entirely. Networks are essentially amorphous, and the imminent explosion of devices that the Internet of Things is set to introduce will see networks redefined further still.

As billions of connected devices continue to expand and change the network perimeter however, so the number of potential points of entry for attackers will increase. After all, the more miles of perimeter fencing there are to patrol, and the more potential access points, the more challenging it will be to keep the attackers out.

This being so, one would assume that focusing on penetration testing should be more important than ever. However, this may not necessarily be the case.

Already inside
Every single one of the enterprise networks tested in a recent exercise by Cisco was found to have suspicious traffic going to websites that hosted a form of malware, so it’s not unreasonable for organisations to believe that their network has already been compromised.

And with two thirds of breaches remaining undetected for months, there should be less of a focus on whether a system has been compromised, and more on what to do following that compromise.

With perimeters continuing to grow and shift in space, and with no firewall clearly being 100 percent effective, IT security teams should consider taking a new approach to protecting their network.

Given that malware is likely to be already inside the system, fewer resources should be spent on measures such as penetration testing, and more invested on finding effective methods of monitoring for, rooting out, identifying and taking remedial action against these existing threats.

Once an organisation acknowledges the likelihood of its network being compromised, it’ll be quicker in identifying and isolating the malware within its system.

New threats
Cyber-attacks were once used by hackers as a way of gaining notoriety or prestige, or simply to make a point. To be effective, these attacks tended to be noisy in nature, making them relatively easy to identify and quarantine.

Nowadays however, the prime motive of such attacks tends to be monetary gain. The new, sophisticated breed of advanced persistent threats (APT) are specifically designed to be invisible. Silently entering a network, they remain undetected for days, weeks, and sometimes months at a time, leaching valuable business, personal or financial information.

Connected to an internal system, an organisation’s computers were once protected by a corporate firewall. Today, the freedom offered by increased mobility means that users have continuous access to the Internet across a choice of devices, allowing them to download applications and content wherever and whenever they choose, greatly increasing the risk of their network being compromised.

Often the result of spam or a spear-fishing campaign, end-users may click on an innocuous looking link within an email or document, making a connection with a website from where the main element of an attack will be downloaded.

Indeed, and perhaps surprisingly, the reliance by APTs on this tactic means that almost half of compromised machines are found to have no actual malware on them.

At the heart of the network
Used by nearly all network communication protocols to connect with their destination domains, the Domain Name System, or DNS, is widely considered to be the address book of the Internet.

Similarly, DNS is used by APTs as a way of “calling home” and receiving instructions from their Command and Control servers, downloading additional malware payloads, and stealing sensitive corporate information.

At the heart of the IT network, it’s here in the DNS that APTs can be most effective, one they’ve passed undetected through the perimeter. And it’s here, at what is effectively a choke-point for detecting malware, that IT security teams should focus their attention.
Rather than concentrating exclusively on what’s making its way into the system, organisations should now start looking inward at what’s making its way out.

About the author
Chris Marrison is EMEA Technical Director at Infoblox where he is responsible for the Pre-sales and Professional Services teams across the region. Chris has over 21 years of experience in the IT industry. Prior to joining Infoblox, Chris was responsible for building the core internet services for Virgin.Net, Which Online, and NTLWorld, before moving to a business oriented ISP which specialised in providing value-added services to multi-tenant buildings funded by Canary Wharf Group, British Land and others. Outside of work, Chris enjoys photography, scuba diving, motorcycling and shooting.

About Security Buyer

Security Buyer is the leading authority in global security content, delivering expert news, in-depth articles, exclusive interviews, and industry insights across print, digital, and event platforms. Published 10 times a year, the magazine is a trusted resource for professionals seeking updates and analysis on the latest developments in the security sector.

To submit an article, or for sponsorship opportunities, please contact our team below.

Rebecca Spayne picture 2025

Rebecca Spayne

Managing
EDITOR

Georgina Turner image

Georgina Turner

Sales
Manager

Afua Akoto image - Security Buyer

Afua Akoto

Marketing Manager

Read the Latest Issue

Follow us on X

Follow us on X

Click Here

Follow us on LinkedIn

Follow us on LinkedIn

Click Here

Advertise here

Reach decision makers and amplify your marketing

Advertise here

Click Here

Related News

IDIS

IDIS launches Edge AI Plus Camera Range

IDIS’s new Edge AI Plus Camera range gives users more flexible, affordable options to upgrade their video systems with advanced AI…
ASSA ABLOY Opening Solutions

Digitalising access and optimising workflows

Digitalization is high on the agenda, or well under-way, in all kinds of commercial environments. As part of this process…
Dallmeier

The new AI High Resolution Counting App from Dallmeier

The new Dallmeier AI High Resolution Counting App enables precise counting even with a large number of people and vehicles…
Environfence

Noise-reducing 12K Envirofence by Jacksons Fencing

Noise-reducing 12K Envirofence by Jacksons Fencing installed at Travis Perkins’ new Coventry depot – A case study
TDSi

TDSi Launches UK GARDiS Installer Training

Integrated Access Control and Security manufacturer TDSi announces that it is offering a free Training Kit to individuals taking part…
OneLink

Product Spotlight – Gallagher’s OneLink

Gallagher Security presents, OneLink – the product that is elevating remote security through the power of the cloud 
Pinaccle systems

Pinnacle Systems further supports Installers and System Integrators

Pinnacle Systems has launched the Pinnacle Partner Programme, a new initiative designed to provide enhanced support for installers…
Stephen Tickle

Comelit-PAC Appoints Stephen Tickle as Regional Sales Manager

Comelit-PAC has appointed Stephen Tickle as its new Regional Sales Manager.  Stephen will focus on supporting PAC’s access control…
Intersec Saudi

Intersec Saudi Arabia returns with record exhibition space

Intersec Saudi Arabia, the premier industry platform for security, safety and fire protection, will return to the Riyadh…
Abloy UK

Abloy Academy breaks attendance records

Abloy UK has achieved record breaking attendance at its Academy, with more professionals than ever attending its…
Scroll to Top