In today’s cybersecurity landscape, many MSPs are looking to add penetration testing (pentesting) to their service offering. Pentesting is a simulated cyberattack on a system, network, or application to find vulnerabilities before real hackers can exploit them. It helps organizations identify weaknesses and improve their security.
But what should they look for when it comes to pentesting? During a recent Barracuda webinar, Tyler Wrightson, founder of Leet Cyber Security, shared some key tips regarding pentesting. Here is some key information to guide you:
Q: When it comes to evaluating pentesting solutions, what are the most important aspects to look for?
One important aspect to think about is the scope of the pentesting capabilities. For instance, consider which threats your customers are most looking to prevent. Zero-day exploits and ransomware attacks are the top priorities we see from our customers.
Q: On average, how long do you stay undetected during a pentest? How does that compare to threat actors?
Typically, pentesters go unnoticed for about a day or two during their tests, but this can change depending on how strong a company’s security is. In the past, cybercriminals could stay hidden for much longer, but thanks to improvements like Managed Detection and Response (MDR) and third-party security teams, companies can now spot suspicious activities faster—sometimes within an hour. Still, detection isn’t foolproof.
Q: What controls are recommended to protect against zero-day exploits?
When it comes to defending against zero-day exploits, it’s essential to understand whether it is a vulnerability that is unknown to the vendor and has no security patch. While these can pose significant risks, attackers still need to follow an attack chain, and your existing controls can help mitigate the risks associated with them.
Here are some key recommendations for controls:
- Implement traditional security controls: Start with your foundational security measures. Tools like Managed Detection and Response (MDR) can detect unusual activity that might indicate exploitation of a zero-day vulnerability, even if the exploit itself isn’t known.
- Monitor for anomalous behavior: Focus on identifying suspicious activities. If an attacker exploits a zero-day to gain initial access, they’ll likely attempt further actions, such as privilege escalation or lateral movement. Use security information and event management (SIEM) tools to monitor these behaviors.
- Conduct regular penetration testing: Simulate zero-day scenarios in a controlled environment. This allows you to test your detection and response capabilities against potential exploits, helping you identify weaknesses in your defenses.
- Prioritize incident response planning: Ensure your incident response plan includes scenarios for zero-day exploits. This helps you react swiftly if a vulnerability is exploited, minimizing potential damage.
- Stay updated on threat intelligence: Leverage threat intelligence feeds to stay informed about emerging vulnerabilities and exploits. This proactive approach can help you anticipate potential attacks before they occur.
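The second recommendation above (watch for privilege escalation or lateral movement that follows an unknown initial-access exploit) is the kind of correlation a SIEM rule performs. The Python below is an added example written for this recap, not code from the webinar, Leet Cyber Security or Barracuda. It classifies constructed sample telemetry (the event fields, process names and port list are assumptions, not a real product's schema) into attack-chain stages and raises one alert per host when several stages occur within a time window.

```python
"""Correlate post-exploitation stages per host, the way a SIEM rule would."""
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs): web01 shows a full chain,
# hr02 only an isolated privilege change, which on its own is not enough.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:00:05", "host": "web01", "type": "proc_start",
     "parent": "w3wp.exe", "image": "cmd.exe"},
    {"ts": "2024-05-01T10:03:40", "host": "web01", "type": "group_add",
     "group": "Administrators", "member": "svc_web"},
    {"ts": "2024-05-01T10:09:12", "host": "web01", "type": "net_conn",
     "dst": "fs01", "dst_port": 445},
    {"ts": "2024-05-01T11:30:00", "host": "hr02", "type": "group_add",
     "group": "Administrators", "member": "helpdesk"},
]

# Assumed indicator lists; a real deployment tunes these to its environment.
SERVER_PROCESSES = {"w3wp.exe", "httpd", "nginx", "tomcat"}
SHELLS = {"cmd.exe", "powershell.exe", "sh", "bash"}
LATERAL_PORTS = {445, 3389, 5985, 22}
STAGE_ORDER = ["initial_access", "privilege_escalation", "lateral_movement"]


def classify(event):
    """Map a raw event onto an attack-chain stage, or None if it looks benign."""
    kind = event["type"]
    if (kind == "proc_start" and event["parent"] in SERVER_PROCESSES
            and event["image"] in SHELLS):
        # A web server spawning a shell is a classic sign of exploitation,
        # regardless of which (possibly unknown) vulnerability was used.
        return "initial_access"
    if kind == "group_add" and event["group"] == "Administrators":
        return "privilege_escalation"
    if kind == "net_conn" and event["dst_port"] in LATERAL_PORTS:
        return "lateral_movement"
    return None


def correlate_chains(events, window_minutes=60, min_stages=2):
    """Return one alert per host on which at least min_stages distinct stages
    occur within window_minutes of that host's first suspicious event."""
    by_host = {}
    for event in sorted(events, key=lambda e: e["ts"]):
        stage = classify(event)
        if stage is None:
            continue
        ts = datetime.fromisoformat(event["ts"])
        state = by_host.setdefault(event["host"], {"first": ts, "stages": {}})
        if ts - state["first"] <= timedelta(minutes=window_minutes):
            state["stages"].setdefault(stage, ts)

    alerts = []
    for host, state in by_host.items():
        if len(state["stages"]) >= min_stages:
            alerts.append({
                "host": host,
                "stages": [s for s in STAGE_ORDER if s in state["stages"]],
            })
    return alerts


if __name__ == "__main__":
    for alert in correlate_chains(SAMPLE_EVENTS):
        print(f"ALERT {alert['host']}: {' -> '.join(alert['stages'])}")
```

Requiring two or more stages is what keeps a lone administrator group change (hr02) from paging anyone, while the same change on a host that just spawned a shell from its web server is escalated. Shrinking the window or raising `min_stages` trades sensitivity for fewer false positives.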
Q: How can you test the encryption portion of a ransomware attack?
Testing the encryption portion during a ransomware simulation is indeed one of the most challenging aspects. Here are some approaches you can consider:
- Custom malware simulation: You can create custom fake malware that mimics the encryption behavior of ransomware. This allows you to simulate the encryption process without the risk of deploying actual ransomware.
- Isolated workstation testing: Set up a workstation that is completely segmented from your main network. Configure it to encrypt files locally. This way, you can observe how your security controls respond to the encryption activity without jeopardizing your entire network.
- Careful execution: It’s important to avoid the deployment of real ransomware during these tests. Ensure all team members involved understand the simulation’s scope and limitations to prevent any accidental breaches.
By focusing on these methods, you can effectively test the encryption portion of your ransomware response without introducing unnecessary risks to your environment.
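Observing "how your security controls respond to the encryption activity" on the isolated workstation presupposes a rule that recognises encryption-like file activity. The Python below is an added example for this recap, not code from the webinar or Barracuda, and it covers only the detection side. It runs over constructed file-activity events (the event fields, process names and thresholds are assumptions, not any product's schema), scores each write by Shannon entropy and extension change, and alerts on a process that produces a burst of such writes inside a short window.

```python
"""Flag processes whose file writes look like bulk encryption."""
import hashlib
import math
from collections import Counter, defaultdict
from datetime import datetime, timedelta


def shannon_entropy(data):
    """Bits per byte; encrypted or compressed data sits near 8.0, text near 4-5."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def extension(path):
    """Last extension of a path (lower-cased), '' if none."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def make_sample_events():
    """Constructed telemetry: a simulator renames and rewrites 12 documents in
    22 seconds, a word processor saves one draft, an archiver writes one file."""
    # Deterministic pseudo-random bytes stand in for ciphertext (no real
    # encryption is performed; this only models what a sensor would sample).
    high = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()
                    for i in range(128))
    low = b"Quarterly revenue summary, draft 3. " * 100
    base = datetime(2024, 5, 1, 14, 0, 0)
    docs = r"C:\Users\lab\Documents"
    events = []
    for i in range(12):
        events.append({"ts": base + timedelta(seconds=2 * i), "host": "lab-ws01",
                       "process": "sim_encrypt.exe",
                       "path": f"{docs}\\file{i}.docx",
                       "new_path": f"{docs}\\file{i}.docx.locked",
                       "sample": high})
    events.append({"ts": base + timedelta(seconds=5), "host": "lab-ws01",
                   "process": "winword.exe", "path": f"{docs}\\report.docx",
                   "new_path": None, "sample": low})
    events.append({"ts": base + timedelta(seconds=9), "host": "lab-ws01",
                   "process": "7z.exe", "path": f"{docs}\\backup.7z",
                   "new_path": None, "sample": high})
    return events


def detect_encryption_bursts(events, window_seconds=60, threshold=10,
                             entropy_min=7.0):
    """Return alerts for (host, process) pairs with >= threshold suspicious
    writes inside any window_seconds-long sliding window."""
    hits = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        renamed = e["new_path"] is not None and \
            extension(e["new_path"]) != extension(e["path"])
        if renamed or shannon_entropy(e["sample"]) >= entropy_min:
            hits[(e["host"], e["process"])].append(e["ts"])

    alerts = []
    for (host, process), times in hits.items():
        start, peak = 0, 0
        for end in range(len(times)):          # sliding window over sorted times
            while times[end] - times[start] > timedelta(seconds=window_seconds):
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            alerts.append({"host": host, "process": process,
                           "hits_in_window": peak})
    return alerts


if __name__ == "__main__":
    for alert in detect_encryption_bursts(make_sample_events()):
        print(f"ALERT {alert['host']} {alert['process']}: "
              f"{alert['hits_in_window']} encryption-like writes")
```

The archiver in the sample writes high-entropy data too, which is why the rule keys on a burst rather than on a single write: one compressed backup is normal, a dozen documents rewritten with a new extension in under a minute is what the isolated-workstation test is meant to trigger.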
As cybercriminals become more sophisticated, it’s important for MSPs to add new security service offerings that can demonstrate how well their service protects their clients from a possible attack. Watch the full on-demand webinar to learn how pentesting works and how it can help you grow your business.
Photo: Ralf Geithe / Shutterstock