Virtual thieves, attackers, and accidental mishaps all pose significant threats to your information assets. To understand potential exposures and establish controls that protect corporate assets, businesses perform vulnerability assessments and penetration tests against their infrastructure. The purpose of these tests is to mimic real world attacks and identify risks before malicious users can exploit them.
In this whitepaper VIOPONT provides insight on how traditional attacks have evolved in today’s world … and why it’s important for security professionals to keep up with the trends and adapt their own security testing.
From a historical perspective, traditional technology testing exercises were relegated to using scanning tools to identify open ports and services at the network layer. Once open ports were identified, efforts would shift to understanding the potential impact and exposure so vulnerabilities could be remediated before an incident occurred. Numerous remotely exploitable vulnerabilities present in external facing Windows NT or 2000 servers were motivators for organizations to start introducing defenses and countermeasures beyond the network layer to protect vulnerable systems. With advances in the development of more secure operating systems and perimeter defense technologies, the landscape of traditional remotely exploitable systems and network layer attacks has changed. Because remote vulnerabilities are no longer as pervasive in today’s technology landscape, attempts to rely solely on direct perimeter exploits are usually less successful; as a result, malicious users have realized that a blended approach is critical to their success. Evolving traditional attacks into new, more sophisticated attacks, is commonplace.