The Golden Age of Automated Penetration Testing is Here
https://www.indiavpn.org/2024/03/29/the-golden-age-of-automated-penetration-testing-is-here/
Fri, 29 Mar 2024 12:21:25 +0000

Mar 29, 2024 | The Hacker News | Pen Testing / Regulatory Compliance


Network penetration testing plays a vital role in detecting vulnerabilities that can be exploited. The current method of performing pen testing is pricey, leading many companies to undertake it only when necessary, usually once a year for their compliance requirements. This manual approach often misses opportunities to find and fix security issues early on, leaving businesses vulnerable to expensive cyberattacks and potential breaches. However, new technologies using automation and AI have revolutionized the process, making regular network pentesting easy and affordable. We’re now in the golden era of pentesting, where every company can assess the security of their networks without breaking the bank.

Automating pen testing is a game-changer

Automation in cybersecurity is becoming a big deal and it’s only going to get bigger. Nowadays, we need automation to help deal with the fact that there just aren’t enough cybersecurity pros to go around. Businesses can’t keep up with all their security needs just using people, even if they get some help from outside services or contractors. According to the United States National Institute of Standards and Technology (NIST), by 2025, a lack of available cybersecurity workers combined with simple negligence will cause more than half of major cybersecurity problems.

Getting into security automation and AI is a game-changer for companies wanting to beef up their cyber defenses without having to hire a bunch of extra people. Especially when money is tight, automating security is a smart move because it’s cheaper, faster, and just as good as the old-school way of doing things manually. Automated pentesting delivers unparalleled security benefits at a fraction of the price of manual pen testing. Companies can now opt for regular, on-point and wallet-friendly automated pen tests, empowering them to find weak spots and mitigate risk proactively.


8 Benefits of Automated Network Pentesting

Network penetration testing is important for keeping a company’s network security resilient and ready for anything hackers might throw at it. Here’s a quick rundown of eight benefits that an organization gets from assessing their networks regularly with pentesting.

  1. Finding and Fixing Weak Spots: Regular pen tests help IT professionals spot problems in your networks and devices before the bad guys do. This means you can patch things up or work around them, making it harder for hackers to sneak in or steal data.
  2. Catching What Other Tools Miss: Pen tests mimic real hacker attacks, finding security holes that vulnerability scans might overlook. This includes checking all of the factors that could lead to an intrusion like making sure your user permissions are tight and your security policies work in real life.
  3. Spotting Where Operations Can Improve: It’s not just about the tech. Pen testing can also show IT professionals where a company’s security processes, staff awareness, or response times might be lacking. Fixing these areas makes an organization’s overall security stronger and more resilient.
  4. Avoiding Downtime and Money Loss: Catching vulnerabilities early helps organizations avoid damaging cyberattacks and dodge breaches that could cost a company a fortune in money and time offline. Think about avoiding legal headaches, fines, and the costs of cleaning up a mess, not to mention keeping your good reputation and customer trust. According to a 2023 survey by Kaseya, more than half of the IT professionals polled said that their company lost over $50,000 to cybersecurity incidents.
  5. Staying on the Right Side of Regulators: Data protection regulations have proliferated on the regional and national levels. Plus, insurers can require regular security check-ups to issue and maintain cyber insurance policies. Those rules often include pen tests.
  6. Getting Inside a Hacker’s Mind: Pen tests give you the lowdown on how attackers think and what tricks they use, giving IT professionals the edge they need to beef up their company’s defenses and get everyone on the team in a security-first mindset.
  7. Putting Your Incident Plan to the Test: You can use pen tests to see if your plan for dealing with attacks works when push comes to shove. It’s all about being ready to spot, handle, and bounce back from security problems. Having a tested incident response plan can save 35% of the cost of an incident.
  8. Making Your Customers Feel Secure: Showing that you’re serious about security by doing regular pen tests can make your customers trust you more. People like knowing their data is in safe hands.

Don’t fall for the trap of only pentesting for compliance

Just doing network pen testing once per year to check a box isn’t enough these days. Cyber threats move and evolve lightning-fast today. A reactive approach leaves a lot of holes in a company’s defense that bad actors could slip through. Waiting too long between pen tests means a company might not catch easily fixed issues until after hackers have already taken advantage, which can lead to an expensive cybersecurity nightmare.

Just doing the bare minimum to meet compliance standards isn’t enough to stand up to the new, sophisticated cyberattacks that cybercriminals are launching at a record pace. The advent of widely available AI hasn’t just revolutionized cybersecurity. It has also revolutionized cybercrime. Companies need to be ready for the deluge of novel cyber threats that are headed their way. Pen testing helps IT professionals find the cracks that bad actors could slip through before there’s trouble.

Why should I pen test regularly?

Now is the perfect time for companies to get serious about regular network pen testing, thanks to automation. Here’s why every company should start using automated network pentesting immediately:

  • It saves money – Automated network pen testing is much cheaper than the old-school manual way. A company used to need to hire expensive skilled people or outsource the task, a scenario that was both slow and pricey. Not anymore. With automation, IT professionals can run pen tests frequently and, most importantly, on a dime.
  • You can scan more often – The digital world changes fast, with new weak spots popping up all the time. Automation lets you run pen tests a lot more often, keeping a constant watch for trouble. Automated tools like vPenTest from Vonahi Security can assess your systems and networks much more quickly than a person can, without burdening the IT team.
  • Better quality and consistency – Automated pen testing hits the mark every time, running the same checks consistently without human mistakes. These tools are super accurate, spotting problems precisely and giving IT pros the lowdown on how to fix them. This not only bumps up the quality of a company’s security checks but also helps the IT team keep track of how things are improving over time.

Automate network pentesting with vPenTest

For any company wanting to up their cybersecurity game, using automated solutions like vPenTest from Vonahi Security is a no-brainer. vPenTest is a comprehensive, on-demand network penetration testing solution designed for IT teams. With the power of automation and the latest methodologies, vPenTest enhances your security posture by making pen testing faster, more accurate, and cost-effective. vPenTest helps get you more bang for your buck. With vPenTest, your network assessments cover more ground, enabling you to uncover and remediate your exploitable vulnerabilities before they become a real problem. Say goodbye to manual processes and hello to the golden age of automation with vPenTest. Learn more about vPenTest today!

About Vonahi Security

Vonahi Security, a Kaseya Company, is a pioneer in building the future of offensive cybersecurity consulting services through automation. vPenTest from Vonahi is a SaaS platform that fully replicates manual internal and external network penetration testing, making it easy and affordable for organizations to continuously evaluate cybersecurity risks in real-time. vPenTest is used by managed service providers, managed security service providers, and internal IT teams. Vonahi Security is headquartered in Atlanta, GA.

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Twitter and LinkedIn to read more exclusive content we post.



New Silver SAML Attack Evades Golden SAML Defenses in Identity Systems
https://www.indiavpn.org/2024/02/29/new-silver-saml-attack-evades-golden-saml-defenses-in-identity-systems/
Thu, 29 Feb 2024 17:05:15 +0000

Feb 29, 2024 | Newsroom | Threat Intelligence / Cyber Threat


Cybersecurity researchers have disclosed a new attack technique called Silver SAML that can be successful even in cases where mitigations have been applied against Golden SAML attacks.

Silver SAML “enables the exploitation of SAML to launch attacks from an identity provider like Entra ID against applications configured to use it for authentication, such as Salesforce,” Semperis researchers Tomer Nahum and Eric Woodruff said in a report shared with The Hacker News.

Golden SAML (SAML being short for Security Assertion Markup Language) was first documented by CyberArk in 2017. The attack vector, in a nutshell, entails the abuse of the interoperable authentication standard to impersonate almost any identity in an organization.

It’s also similar to the Golden Ticket attack in that it grants attackers the ability to gain unauthorized access to any service in a federation with any privileges and to stay persistent in this environment in a stealthy manner.


“Golden SAML introduces to a federation the advantages that golden ticket offers in a Kerberos environment – from gaining any type of access to stealthily maintaining persistency,” security researcher Shaked Reiner noted at the time.

Real-world attacks leveraging the method have been rare, the first recorded use being the compromise of SolarWinds infrastructure to gain administrative access by forging SAML tokens using compromised SAML token signing certificates.

Golden SAML has also been weaponized by an Iranian threat actor codenamed Peach Sandstorm in a March 2023 intrusion to access an unnamed target’s cloud resources without requiring any password, Microsoft revealed in September 2023.


The latest approach is a spin on Golden SAML that works with an identity provider (IdP) like Microsoft Entra ID (formerly Azure Active Directory) and doesn’t require access to the Active Directory Federation Services (AD FS). It has been assessed as a moderate-severity threat to organizations.

“Within Entra ID, Microsoft provides a self-signed certificate for SAML response signing,” the researchers said. “Alternatively, organizations can choose to use an externally generated certificate such as those from Okta. However, that option introduces a security risk.”

“Any attacker that obtains the private key of an externally generated certificate can forge any SAML response they want and sign that response with the same private key that Entra ID holds. With this type of forged SAML response, the attacker can then access the application — as any user.”

Following responsible disclosure to Microsoft on January 2, 2024, the company said the issue does not meet its bar for immediate servicing, but noted it will take appropriate action as needed to safeguard customers.


While there is no evidence that Silver SAML has been exploited in the wild, organizations are required to use only Entra ID self-signed certificates for SAML signing purposes. Semperis has also made available a proof-of-concept (PoC) dubbed SilverSAMLForger to create custom SAML responses.

“Organizations can monitor Entra ID audit logs for changes to PreferredTokenSigningKeyThumbprint under ApplicationManagement,” the researchers said.

“You will need to correlate those events to Add service principal credential events that relate to the service principal. The rotation of expired certificates is a common process, so you will need to determine whether the audit events are legitimate. Implementing change control processes to document the rotation can help to minimize confusion during rotation events.”
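One way to implement the correlation the researchers describe, as an added example that is not code from Semperis or Microsoft: it assumes a simplified Entra ID directory-audit record shape (activityDisplayName, category, activityDateTime, targetResources with modifiedProperties), uses constructed sample events, and checks each thumbprint change against a change-control list of approved rotations.

```python
"""Correlate Entra ID audit events around SAML signing-key changes (added example,
not from Semperis or Microsoft). Assumes a simplified directory-audit record shape:
activityDisplayName, category, activityDateTime, targetResources[].id/modifiedProperties."""
from datetime import datetime, timedelta

KEY_PROP = "PreferredTokenSigningKeyThumbprint"
CRED_ADD = "Add service principal credential"

# Constructed sample events in the assumed simplified audit-log shape (not real data).
SAMPLE_EVENTS = [
    {"activityDateTime": "2024-02-01T10:00:00Z", "category": "ApplicationManagement",
     "activityDisplayName": CRED_ADD,
     "targetResources": [{"id": "sp-111", "modifiedProperties": []}]},
    {"activityDateTime": "2024-02-01T10:03:00Z", "category": "ApplicationManagement",
     "activityDisplayName": "Update service principal",
     "targetResources": [{"id": "sp-111", "modifiedProperties": [
         {"displayName": KEY_PROP, "oldValue": "AAAA1111", "newValue": "BBBB2222"}]}]},
    {"activityDateTime": "2024-02-05T09:00:00Z", "category": "ApplicationManagement",
     "activityDisplayName": "Update service principal",
     "targetResources": [{"id": "sp-222", "modifiedProperties": [
         {"displayName": KEY_PROP, "oldValue": "CCCC3333", "newValue": "DDDD4444"}]}]},
]

def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def signing_key_changes(events):
    """Yield (time, service_principal_id, old, new) for each thumbprint change."""
    for ev in events:
        if ev.get("category") != "ApplicationManagement":
            continue
        for tr in ev.get("targetResources", []):
            for mp in tr.get("modifiedProperties", []):
                if mp.get("displayName") == KEY_PROP:
                    yield _ts(ev["activityDateTime"]), tr["id"], mp["oldValue"], mp["newValue"]

def review_key_changes(events, approved, window=timedelta(hours=1)):
    """One review item per thumbprint change. `approved` holds (sp_id, new_thumbprint)
    pairs documented by change control; a change with no credential-add event on the
    same service principal within `window`, or no change record, is flagged needs_review."""
    cred_adds = [(_ts(ev["activityDateTime"]), tr["id"]) for ev in events
                 if ev.get("activityDisplayName") == CRED_ADD
                 for tr in ev.get("targetResources", [])]
    items = []
    for when, sp, old, new in signing_key_changes(events):
        paired = any(sid == sp and abs(t - when) <= window for t, sid in cred_adds)
        documented = (sp, new) in approved
        items.append({"service_principal": sp, "time": when.isoformat(), "old": old, "new": new,
                      "credential_added_nearby": paired, "documented": documented,
                      "needs_review": not (paired and documented)})
    return items
```

Run with `review_key_changes(SAMPLE_EVENTS, approved={("sp-111", "BBBB2222")})`: the sp-111 rotation pairs with its credential-add and is documented, while the sp-222 change has neither and is flagged for follow-up.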
