The Future of Penetration Testing in 2022 and Beyond

November 15, 2021 – Article posted on VMBlog

GuidePoint Security’s Practice Lead, Threat & Attack Simulation Strategic Services, Todd Salmon, examines the world of penetration testing and offers his predictions for the coming year. As the number, frequency, and sophistication of cyberattacks has grown over the last year, so have organizations’ needs for increased, on-demand visibility into their attack surfaces and vulnerabilities. Traditionally, the model for achieving this visibility has relied on a tiered approach starting with vulnerability scanning, moving to penetration testing, and finally engaging in red teaming. However, as the number of vulnerabilities reported daily continues to climb, it’s become clear that a purely human-driven effort to identify vulnerabilities in an environment and test against them is a losing battle.

To meet the organizational need to simplify operations and reduce costs in an increasingly complex and expensive cybersecurity landscape, penetration testing will evolve beyond the traditional, point-in-time approach. Organizations and providers will move towards a continuous penetration testing model that offers an automated framework to test an environment and validate controls, all while maintaining the human expertise associated with more traditional testing.

By leveraging automation, continuous penetration testing can rapidly identify and test for vulnerabilities as they are disclosed, giving organizations and businesses the data they need to remediate swiftly.

Read More HERE.