The Evolution of Pen Testing

Date: June 20, 2018

Recorded June 20th, 2018 AT 1:00 PM EST

Real-world attacks don’t always align with previous pen testing techniques – Tools have caught up!

The most challenging aspect of security today is understanding the real-world effectiveness of your existing security controls.  With the latest advances in Next Generation (Next Gen), Endpoint Detection and Response, Network Segmentation, amongst others, the run-of-the-mill penetration tests that most organizations employ today simply don’t provide the level of value needed.

What is ‘advanced’ research, and why is that so critical? 

Organizations are continuously expanding their capabilities however, the Tactics, Techniques, and Procedures (TTPs) used by attackers change frequently.  Often times, it’s not as simply as applying a patch or changing a certain rule—it requires having a vast understanding of how attackers penetrate networks and the best way to detect them.

The research around how to circumvent security controls and emulate real-world simulations is more important now than ever. Building defenses directly off a specific technique is only as valuable as the attacker that may use it. Building defenses based on patterns and looking at different phases is much more desirable.

Red Team, Blue Team, Purple Team, Your Team. 

Hear David Kennedy, Founder of TrustedSec, discuss how the industry has evolved and how your organization needs to evaluate the value you’re receiving from your assessors.  Dave will be discussing some of the key points in building ‘purple’ teams, leveraging the strengths of the attack (red) and defense (blue) teams working together to reduce risk.