Skip to main content
Close
0 Results Found
              Back To Results

                Network Security Testing

                What is Network Security Testing?


                Network testing is a broad means of testing security controls across a network to identify and demonstrate vulnerabilities and determine risks. While the testing medium can change (wireless, ethernet, hardware/IoT, phishing emails, physical access, Dropbox placement), the end result is usually network access to protected data or systems.


                The goals of testing differ depending on overall objective but also the organization's maturity. Network testing can help validate security defenses, meet compliance mandates and test the security controls of any type of electronic data. Typical tests include:


                • Vulnerability Assessment
                • Penetration Testing
                • Specific network tests, including Wireless Network Penetration Testing
                • Red Team Testing
                • Application Security Testing


                What is Evolving with Network Security Testing?


                As new technology platforms raise new security complexities (e.g., out of the perimeter, into the cloud), IT and security teams must gain new expertise and tools, but also seek out independent testers to perform reviews.


                Additionally, growing threat sophistication and increased business risk dictates heightened security postures. Adapting compliance mandates and the increasing sophistication of adversaries means that your testing program should increase as well. In response, IT teams are testing with less scope restrictions and partnering with highly skilled vendors.


                Test with Security Experts & Proven Methodologies

                A Vulnerability Assessment has an applicability and does a very good job of testing the status of your patching program or the effectiveness of your vulnerability management program, but the bottleneck is often the human intelligence piloting the test. The only way to know how well your network infrastructure will hold up under an attack from real-world cybercriminals is to test your network with testers capable of thinking and acting just like them.

                To do so, you need

                • White hat testers with practical, hands-on experience and to look for technical, practical and focused certifications, including OSCP.
                • Ethical hackers that help you secure your network with various testing approaches. Adversarial Testing is intended to simulate an attacker using a variety of real-world threat models, including different technology and targets (social engineering, network penetration testing, and wireless testing).
                • Methodologies that set and achieve specific security goals with hands-on, practical, and highly technical testing (Goal Based Testing).

                Identifying the Right Test or Assessment for You

                When to Pick An External Penetration Test

                • When your organization wants to know what it takes to breach their perimeter.
                • Test remote-access controls.
                • For PCI compliance that requires it annually.
                • For annual (or quarterly) validation of key organizational compliance mandates (e.g. HIPAA, PCI, FFIEC).


                Watch the Video

                When to Pick An Internal Penetration Test

                • When you want to start from an internal vantage point and assume a perimeter breach.
                • To test internal security controls, firewall rules and more that limit user access.
                • When there’s concern over someone having physical access to the network or to understand what a rogue employee could do.
                • For annual (or quarterly) validation of key organizational compliance mandates (e.g. HIPAA, PCI, FFIEC).


                Watch the Video

                When to Pick A Red Team Engagement

                • When your Blue Team is ready for a challenge.
                • During a strong-security-posture period.
                • When detection & response capabilities need testing.
                • When you are ready to test adversary detection and eviction. 


                Read the White Paper

                When to Pick A Wireless Test

                • When wireless networks allow access to sensitive resources.
                • When critical data traverses the wireless networks.
                • When the compromise of a wireless network or client would be detrimental to the business.
                • When cards are processed/transmitted across the wireless network.


                Watch the Video
                Expand Your Understanding of Risk You Face

                Organizations can learn a lot about what sort of testing benefits them by looking at the lessons learned from a year of incident response engagements. According to the 2018 Incident Response Insights Report, phishing continues to be the preferred delivery method for the majority of attacks, whether targeted or opportunistic. Some 40% of incidents started with a phishing email designed to deliver malware or steal account passwords.

                A testing program that includes phishing can be used to gain a good understanding of user security awareness and identify areas for improvement. It can also be an opportunity to broaden internal or external penetration testing to simulate a common threat scenario: a motivated external attacker with little to no limitations.  Phishing tests can help you understand how security defenses measure up against most likely methods used by external threat actors, who frequently use endpoint and credentials theft.



                Read the Report

                5 Questions to Ask a Penetration Tester

                Are your penetration testers backed by knowledge and research?


                Hackers change their techniques and recycle previous tricks depending on their target. Penetration testers must be aware of all threat actor tactics and techniques used to obtain sensitive information. Our security testing experts have access to the latest threat intelligence to better protect you, plus additional insight from our Counter Threat Unit™ (CTU™) that delivers threat information, analysis, detailed knowledge on threats and vulnerabilities with proper countermeasures.

                Read the Report

                Are your experts active in the cybersecurity community?


                Cyber threats grow and evolve, compelling the testing community to gather and help identify trends and discuss new techniques to thwart attackers. Expert penetration testers who contribute to the cyber testing dialogue are the professionals you want testing your environment. We hold training sessions, grant certifications and host conferences and forums around the globe, where leading pen testers share information and conduct competitive testing workshops. Our security leaders publish research and share knowledge through technical blogs and security conference posts.

                CTU Research

                Do they emulate actual adversaries?


                An internet search will deliver a long list of companies that offer penetration testing. Their websites may include the latest buzz words or common language used by experienced penetration testers. However, not all testing vendors are the same. Secureworks uses Threat Intelligence from the CTU to emulate actual adversaries you are trying to protect from in the first place. This means our reports are relevant.

                Do your testers have a deep understanding of compliance requirements?


                Most industries must adhere to compliance and regulatory mandates. Good testing delivers great insight into your security—it doesn’t just get your checkbox stamped. Know what compliance requirements affect you, and bring questions about their testing process to the table before hiring a pen tester. Has their testing been updated recently to meet any compliance changes? How many compliance tests do they perform?

                Are your penetration testers certified in security and security testing?


                Penetration testing is a specialized field that requires additional training, knowledge of operating systems, networking and network protocols, along with a focus on offensive security. A VAR, which typically handles installations or network administrative duties, may say they can also conduct penetration testing and gap analysis—make sure you choose a security specialist instead of an IT generalist for the best results.


                Lessons From The Field: How Are Skilled Testers Infiltrating?

                Watch this webcast and hear from skilled penetration testers, Nate Drier and Trenton Ivey. The shared lessons learned from some of their most challenging engagements and the trends they are seeing with clients and their defense practices.


                View the Webcast

                Watch this Video Series:

                Technical Testing | Part 1 - 7

                Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations
                Research & Intelligence

                Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations

                Let's Talk SOC: Season 2
                Podcasts

                Cybersecurity or Cyber Insurance? Why Your Business Needs Both

                Threat Analysis

                Tampering with Conditional Access Policies Using Azure AD Graph API

                Secureworks Helps You Defend Your Enterprise at Scale
                Talk with Our Services Expert
                Close Modal
                Close Modal