BI.ZONE has launched a Continuous Penetration Testing (CPT) service meant to drastically improve the company’s clients’ defense against external cyberattacks.
Penetration testing has been an important cybersecurity tool for a long time. Using an array of different methods experts imitate the behavior of adversaries who try to attack the organization. This way most of the vulnerabilities in a client’s cyberdefense become apparent. Traditionally penetration testing that reveals most flaws is conducted once a year or once a quarter, but a lot of changes can happen between tests. Sometimes they influence cybersecurity in unexpected ways and are uncovered only during the next testing session. To solve this problem BI.ZONE has developed a service that uses a new approach to protecting external IT perimeters. It automates many tasks, and a client’s cybersecurity is constantly checked for integrity. This allows to find and fix new vulnerabilities in a swift manner. CPT also includes expert support from BI.ZONE’s analysts and a suite of optional services.
"Even though methods of building external IT infrastructure have changed a lot in the last few years, its protection remains one of the cornerstones of any organization’s online security," says Evgeny Voloshin, director of the expert services department at BI.ZONE. "We offer a new multi-level approach to defense from external attacks. As a part of this service we have automated tasks that previously required a whole team of experts to be formed. This reduces costs for our clients, and security flaws get eliminated faster due to constant perimeter control. It should also be noted that when a company’s infrastructure changes there is no need to repeat a traditional penetration test."
BI.ZONE’s data shows that Russian companies’ employees regularly open emails that masquerade as correspondence from colleagues and partners but in reality contain malware. Such letters are getting harder to distinguish from actual mail with each passing year, and now 3 out of 10 employees are vulnerable to phishing. To better teach customer’s staff about cyber threats and evaluate their security team’s effectiveness BI.ZONE’s experts recommend conducting simulations of phishing attempts and targeted hacker attacks, which are available in CPT as an optional automated feature.
External IT infrastructure security can also be improved by another optional feature of CPT — automated load testing, during which a controlled external attack is performed. Its aim is to overload the target application and prevent it from working correctly. This allows to identify weakest links in applications’ architecture and ensure that company’s services will be available in case of a real attack.