How to Protect Companies Through Penetration Testing

  • by
How to Protect Companies Through Penetration Testing

How to Protect Companies Through Penetration Testing – I talked to Paula Januszkiewicz about how she breaks into computer systems to get the secret plans. Legally. Of course. Yes. Paula is a security expert and shares some stories of penetration testing, what the current security landscape looks like on Azure and the importance of having 100% uptime for your customers. Also, Paula has access to the windows source code.

Cloud in general has been a question for so many years and a couple of years ago people were wondering is it safe to put the data in the cloud and so on. And it’s really about trust. Yes. So once we got that done, then there is another stage. What is actually a benefit of being in the cloud.

So security wise, one of the benefits that in our opinion or in my opinion is, very important is the possibility to have things continuously running. Yes. So that’s one thing and a second to be globally monitored so that you are able to connect all those in one place. And whether you are using a Linux or Windows or it doesn’t matter, then you are able to gather that information and utilize it properly in one place. So in my opinion, this is the power of the cloud from the security perspective.

So what are some of the prime Azure features that you really like and that you would probably recommend to use? So nowadays it’s going to be Sentinel. You are able to monitor things, extract information that’s useful for you. It’s a great monitoring solution and great monitoring system. It allows you to connect these dots. So that’s what the cloud is for. And in general we’re getting into, the world where we kind of might be even don’t care whether it’s Windows, Linux or whatever.

As long as we’ve got the possibility to connect to the machine and then leverage this data. So this is the power of the cloud and we could be thinking like, could there be a solution like this on prem? Yes, of course. But because the direction is cloud, that’s why the development gets to this area. So in terms of security products on Azure, it’s kind of built into the platform from the ground up, isn’t it?

So how do you sort of point out what are the security features of Azure when you talk to people that may not know? Well, well monitoring again is one of the things that we mentioned, but also the possibility to start the machine, quickly from different types of templates that you’ve got over there, provide the services immediately. One of the things that I like from the cyber secure perspective is the possibility to scale out.

So if for example, you are under attack and you’ve got, lots of traffic or, or simply you’ve got lots of traffic, so to say, so things like a natural denial of service, then that you are able to fix this problem pretty quickly. Yeah. Yeah. And it’s just a slider. It’s like it’s just the modern computing. Oh, just slide more sources, right? And dollars. But of course you’re able to do this backwards. So it depends really, what, what kind of capacity you need or you, I don’t know, there was like a black Friday. Yes.

So for that you would invest for two days or for something like this. So you can actually handle lots of traffic on your servers cause at the end these are servers, it’s just that they’re out there. Yeah. They’re someone else’s servers. Yeah, pretty much. Pretty much. Not really a long time ago I’ve been doing a pen test for our company here in the US that was basically almost 6,000 people.

And one of the ways and points of entry for them was doing that simply, I don’t even call it an attack, the password spraying. So, you just take whatever like company name 2019 or something and then you, you spray the 6,000 accounts that you get, for example, from LinkedIn even. Yeah. And so on.

So you know, like what’s this, what’s the pattern? So at the end, there was like 29 accounts that had a password company name 2019. So I’m already, John, I’m already Anna. So on. Someone in the old mailboxes for old logo boxes, sending email to the whole global catalog to open up something, click something, and so on. So this is the simplest way to get in. Right?

If there was a multi-factor authentication that won’t happen. Yeah. So you mentioned pen test and just for the view is that don’t know what a pen test is. What is it just in your world anyway? It’s having fun and getting paid for it. Trying to break things legally. Totally. Legally because you sign papers so this is really what makes the difference.

In general. There’s a very nice way to call it in 2019 right now it’s called “cybersecurity profiling”.

 

Useful links:

reference – How I protect companies through penetration testing

Share this post ...

Leave a Reply

Your email address will not be published. Required fields are marked *