How to better prioritize vulnerability remediation through automated penetration testing

As most MSPs know, small- and medium-sized businesses are the most likely targets for cyberattacks. They lack many of the resources and infrastructure of their larger counterparts, and a single cyberattack can be devastating.
Analyzing and remediating vulnerabilities is an essential part of any security program. But current vulnerability management processes spit out long lists of instances that may or may not need remediation. Without knowing which can be exploited and which can lead to a data breach, the MSP is left with a firehose of information that can be overwhelming.
Penetration testing replicates a hacker’s techniques to identify the exploitable vulnerabilities and provide details on what information the hacker can access. This provides a much better way to determine what needs to be fixed to prevent a breach. Unfortunately, penetration testing is primarily performed manually—and by expensive, outsourced cybersecurity experts. The high cost limits the ability of MSPs to offer penetration testing as an ongoing service, which is why vulnerability scanning is still the primary method of analysis.
However, the advancement of artificial intelligence and machine learning has made true, automated penetration testing possible. Through automation, penetration testing should become the go-to strategy for vulnerability identification and remediation.
Preemptive testing is the best strategy
An intelligent automobile owner takes their vehicle in for multiple checkups and oil changes throughout the year, while a neglectful car owner only goes in when a problem occurs. Preemptive maintenance is an essential part of responsible ownership and worth the investment. In cybersecurity, an ounce of prevention is worth a pound of cure. Cyberattacks have skyrocketed in frequency since the pandemic, and according to CPO Magazine, the US bears the highest cost in the world for an average breach at just over $9 million.
Manual testing tactics are limited
Penetration testing, and the subsequent remediation of vulnerabilities uncovered, is an excellent technique for preventing breaches and mitigating security threats. Unfortunately, there are many barriers to enjoying the full benefits it can offer.
It can take more than a month to get the results from a traditional, outsourced penetration test. Plus, there’s the cost to consider. Depending on the size of the organization, the tests can cost $5k, $10k, or more for a one-time deal. And, most MSPs don’t have the resources on staff to provide penetration testing, so they rely on partners to deliver these tests to their clients. This leaves very little margin for the MSP, and often means it doesn’t make business sense for the MSP to offer it at all.
Automation changes the game
Typically, penetration testing is performed manually by a cybersecurity expert. Pentesters think like attackers, and good attackers have a routine which generally consists of:
- Intelligence gathering
- Scanning
- Foothold access
- Establish persistence
- Exploitation
- Post-exploitation and lateral movement
While it used to be necessary for these attacks to be performed manually, artificial intelligence and machine learning have made automating these processes a reality. Automation allows the MSP to deploy the same tools, tactics, and decisions that a cyber expert would use in the manual test. Many organizations already use automation to bolster their security, so using it for penetration testing should be a natural transition.
Automation also drastically lowers the cost to deliver a test, meaning it can be offered monthly, quarterly, or on any other schedule. This makes it possible to perform testing at the same frequency as vulnerability scanning, allowing for a continuous testing and remediation cycle. Automated tests also allow the MSP to use spare resources to better manage clients’ cyber assets in other, more urgent ways.
Conclusion
Automated penetration testing is the future of vulnerability analysis and remediation, allowing MSPs to provide testing on a scheduled frequency to regularly identify and prioritize true risk. This reduces costs and the time spent on remediation, and increases overall security for MSP clients.
Alton Johnson, founder & principal security consultant, Vonahi Security, Automated Pentesting
Vonahi Security is a member of the N‑able MSP Technology Alliance Program (TAP). TAP is a growing group of trusted vendors we’ve teamed up with to offer a variety of third-party integrations and services to help MSPs better serve their customers. This blog is part of the TAP blog series through which we will provide you with relevant and interesting guest blog contributions from our TAP members.