When traditional penetration testing is not enough to defend against evolving cyber threats, organizations need to bring cyber threat intelligence (CTI) into the process. Intelligence-led penetration testing guides how the test is conducted, which attack methods are simulated, and where the testers focus their resources during the engagement. It adds value to the organization by giving decision-makers a better basis for evaluation and strategy. The difference between traditional penetration testing and CTI-driven penetration testing is that the latter is based on rich, contextualized intelligence, which gives a clear understanding of every phase of testing. It helps form a more structured and effective way to mitigate cyber risk, avoid cyberattacks, and understand the effectiveness of the technical security controls the enterprise has put in place.
CTI data feeds penetration testing planning, data enrichment, and the situational awareness the analyst will have. This adds more context to the overall penetration testing strategy.
Penetration testing, often called pen testing, is one of several techniques used to verify cybersecurity posture and give the organization a level of assurance that its cyber defenses are functional. It tests defenses against an adversary who mimics a cybercriminal actor. Penetration testing answers a simple question: “What would a cybercriminal do to harm my organization’s computer systems, applications, and network?” An effective penetration test helps find gaps in the security tools, the available attack vectors, and any misconfigurations. The organization can then prioritize the risk, fix it, and improve its overall security response time, and that is where we need to understand how the CTI element makes the penetration test more enriched and effective.
Purpose of intelligence-led penetration testing
The purpose of intelligence-led penetration testing is to assess an entity’s resilience and provide insight into its capabilities against a real-world cyber incident, simulated on the basis of intelligence. The test should be conducted within a set scope and incorporate a risk management process.
Phases of Penetration Testing
The penetration tester begins by gathering as much information about the target as possible. They then identify possible vulnerabilities in the system by scanning, and launch attacks to analyze each vulnerability and the risk involved. Finally, a detailed report summarizing the results of the penetration test is submitted to management. Penetration testing can be broken down into multiple phases, which will vary depending on the organization and the type of penetration test.
1. Reconnaissance and Planning –
This phase is about gathering as much information about the target as possible, including IP addresses, mail servers, network topology, etc. Here the penetration tester also defines the scope, the systems to be addressed, and the testing methods to be used. An expert penetration tester will spend most of their time in this phase, as it supports all the later phases of the attack.
2. Scanning –
Based on the data collected in the first step, the tester interacts with the target with the aim of identifying vulnerabilities. This lets the penetration tester launch attacks using vulnerabilities in the system, with the help of tools such as port scanners, pen-tools, vulnerability scanners, and outlook mappers. The scanning process can be either dynamic or static.
3. Exploitation –
This is the step where most penetration testers fail, as it requires special skills and techniques to launch an attack on the target system. Using these techniques, the penetration tester tries to determine the extent to which the computer system, applications, or network can be compromised.
4. Risk analysis and Recommendations –
After the exploitation is complete, the goal is to collect evidence of the exploited vulnerabilities. At this step, the penetration tester also provides useful recommendations that can be implemented to improve the security controls.
5. Report generation –
In the final step, the results of the penetration test are compiled into a detailed report. Varun Srivastava believes this report should come with a proof-of-concept, which helps decision-makers make appropriate decisions and take the penetration test forward.
Penetration tests can help find vulnerabilities and improve your overall security posture. Isn’t it better to know the vulnerabilities and remediate them before any malicious actor reaches them? Beyond the stages of the test itself, the final report reflects the effort the penetration tester has invested and gives the organization informative results.
The EC-Council Certified Security Analyst (ECSA) certification is a penetration testing program widely accepted by large businesses as covering an essential cybersecurity process for their organization. The program provides real-world, hands-on testing experience covering modern infrastructures, operating systems, and application environments, while focusing on documentation and writing a penetration testing report.
EC-Council University conducts CyberTalks weekly by renowned cybersecurity experts who liberally come forward to share their knowledge and experience with other seeking aspirants. This article is an abstract from the CyberTalk series by speaker Varun Srivastava. Varun is based in the UAE and has 12+ years of experience in cybersecurity. He currently heads the cyber threat intelligence function for Mubadala / Injazat Data Systems, which is based out of Abu Dhabi, UAE. In his webinar, he covers different aspects of intelligence-driven penetration testing.