5 Questions to Ask a Penetration Tester
Are your penetration testers backed by knowledge and research?
Hackers change their techniques and recycle previous tricks depending on their target. Penetration testers must be aware of all threat actor tactics and techniques used to obtain sensitive information. Our security testing experts have access to the latest threat intelligence to better protect you, plus additional insight from our Counter Threat Unit™ (CTU™), which delivers threat information, analysis, and detailed knowledge of threats and vulnerabilities, along with proper countermeasures.
Are your experts active in the cybersecurity community?
Cyber threats grow and evolve, compelling the testing community to gather to help identify trends and discuss new techniques to thwart attackers. Expert penetration testers who contribute to the cyber testing dialogue are the professionals you want testing your environment. We hold training sessions, grant certifications and host conferences and forums around the globe, where leading pen testers share information and conduct competitive testing workshops. Our security leaders publish research and share knowledge through technical blogs and security conference posts.
Do they emulate actual adversaries?
An internet search will deliver a long list of companies that offer penetration testing. Their websites may include the latest buzzwords or common language used by experienced penetration testers. However, not all testing vendors are the same. Secureworks uses Threat Intelligence from the CTU to emulate the actual adversaries you are trying to protect against in the first place. This means our reports are relevant.
Do your testers have a deep understanding of compliance requirements?
Most industries must adhere to compliance and regulatory mandates. Good testing delivers great insight into your security—it doesn’t just get your checkbox stamped. Know what compliance requirements affect you, and bring questions about their testing process to the table before hiring a pen tester. Has their testing been updated recently to meet any compliance changes? How many compliance tests do they perform?
Are your penetration testers certified in security and security testing?
Penetration testing is a specialized field that requires additional training, knowledge of operating systems, networking and network protocols, along with a focus on offensive security. A VAR, which typically handles installations or network administrative duties, may say they can also conduct penetration testing and gap analysis—make sure you choose a security specialist instead of an IT generalist for the best results.