Hi. Welcome to Ingram Micro.

Please choose your role, so we can direct you to what you’re looking for.

If you’d like to learn more about Ingram Micro global initiatives and operations, visit ingrammicro.com.

Everything you need to know about continuous security and how to ask the right questions

Vulnerability vs. penetration testing

February 16, 2021

Everything you need to know about continuous security and how to ask the right questions
If only network security was as easy as setting it up and never looking back. Unfortunately, that’s not the case. Not only does every business need security, but they need to stay on top of it at all times. Nobody gets a free pass. That’s what continuous security is all about: monitoring not just the infrastructure and environment, but also everything from firewalls to the devices people carry. Looking for new and existing vulnerabilities to prevent somebody with malicious intent from gaining access to your data requires vigilance.
 
Two key strategies for maintaining continuous security
Vulnerability testing and penetration testing. You may have heard of them, but when these terms get thrown at you or your clients, it’s intimidating. So let’s break ‘em down:

 

  • Vulnerability testing (aka vulscan)Think of it as a snapshot in time of the existing vulnerabilities in your environments. Using scanning tools to get an overview of the environment (everything from IP addresses to URLs and more), a cybersecurity pro can review the results and give comprehensive recommendations that you won’t find from a DIY vulnerability scan. It’s cost effective, especially for internal networks, but it’s the bare minimum for security. In most cases, it’s recommended to perform regular vulnerability scans when you’re between scheduled penetration tests, which occur less frequently.
  • Penetration testing: A Network Penetration Test Assessment, sometimes called a “pen test,” is a fully simulated hack into your network. Sounds scary, but the only thing to fear is the results. Here’s how it works: certified ethical hackers (yup, that’s a real thing) not only identify vulnerabilities through a vulscan, they follow up by attempting to gain access to your network and environments in order to make a clear set of cybersecurity recommendations.

What’s right for you?
How do you determine which path to go down, when you don’t even know the right questions to ask? Well, these are just a few questions you should be prepared to answer from a good tester: 

 

  • What are your specific security compliance requirements?
  • Do you understand the difference between a pen test and vulscan?
  • Do you have specific concerns regarding your website (i.e., requirements for payment cards)?
  • Do you have a full audit of your internal assets and IP addresses?
 
If you can answer these questions, you’re on your way to talking the talk and eventually walking the walk to help scope out what you or your client is looking for, along with any associated costs with maintaining continuous security. 
 
Continuous security in the new normal
Adding to last year’s string of bad news, social engineering hacks tripled from the previous year. With more employees than ever working from home in 2021, maintaining a comprehensive look at your cybersecurity is essential. Basically, this entails people hacking into your system through email phishing and phone campaigns. Its rise is directly attributed to co-workers not checking in with one another through small day-to-day interactions. Vulnerability testing can help ensure employees stay on their toes, even in their jammies.
 
And it’s not always the employees being careless in their living room. When IT teams were forced to make changes and move quickly with major firewall configurations, mistakes were bound to happen and were not necessarily caught in real time. If your cybersecurity is not up to date with these changes, vulnerabilities will eventually emerge.
 
Ready to take the next step in cybersecurity?
One thing about cybersecurity that has always been true: it’s not the technology or the tools causing these cracks, it’s often the people within your organization. That’s why Ingram Micro offers its partners and their customers a full portfolio of education and training services.
 
Getting a security assessment is just the tip of the iceberg—recommendations may include costly purchases. When partners bring in Ingram Micro to do agnostic third-party testing for their client, it removes your conflict of interest when it’s time to sell remediation products and services. You can get certified with products that tie into security and end-client employee awareness training.
 
To find out how best to prepare your clients for vulnerability and penetration testing, talk to Ingram Micro today.

 

Learn More