Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

What's in Your Cybersecurity Arsenal? Penetration Testing and Other Top Tactics

Take a look at key tools for your cybersecurity arsenal, including penetration testing, threat modeling and more.

Determining your organizational approach to cybersecurity — which tools you use, how you allocate personnel and financial resources to the task, where you harden your IT infrastructure the most — is not the easiest task when you're new to it. Truth be told, it's not necessarily easy when you've done it half a dozen times, either. 

As such, you'll need to review your options. These run the gamut from fairly well-known quantities like penetration testing and vulnerability assessments to newer practices like threat modeling and bug bounties. Regardless of which route you take, it will still be well worth your while to understand the available paths to a more secure network.

Before we begin, it’s important to explore the relationship between vulnerability assessment and penetration testing. While they are best used in tandem, they are often mistaken for one another. Vulnerability assessment is the process by which an organization enumerates all of the potential areas of weakness on their systems. During penetration testing, they are confirming the potential risks, putting the hypothetical weaknesses to the test to confirm whether and how they could lead to a successful cyberattack. 

Penetration testing: A valuable yet underutilized tool

The key point of penetration testing (sometimes shortened to "pen testing") is to actively identify dents in your network's armor.1 Specifically, you do so by looking for them — and, when found, attack them the way an attacker would.

Some penetration testing tools are software-based, using automated scanners to find problems wherever they may be: in specific applications, within the network's firewall, embedded within your operational technology and so on. In other cases, the test will actively simulate an attack. This can mean putting excessive pressure on the network and specific operations within it (like a very mild version of a dedicated-denial-of-service attack).

No matter how they're executed, penetration tests should always be conducted with precise goals in mind. For example, you could deploy a series of tests in conjunction with reporting from a vulnerability assessment tool like Nessus. If the assessment identified issues with network security and your organization took measures to rectify them, pen testing would help assess if the remediation was effective.

Each of the tools we'll be discussing here will be most effective if you have an underlying and ongoing vulnerability assessment program in place.

Penetration testing and other top tactics for your cybersecurity arsenal

Cybersecurity audits: For the sake of standards

All organizations are beholden to regulations created by government departments and leading industry organizations - some more so than others. The effectiveness of cybersecurity measures is, at times, part of such criteria. Cybersecurity audits are, in fact, centered primarily around compliance. They do involve examination of the protections a given organization has in place for certain aspects of its IT infrastructure, and Nessus Professional is one such tool that can assist with compliance auditing. However, audits can often be myopic, and thus should not ever be the sole cybersecurity framework that a company uses.

Consider PCI DSS compliance for a perfect example of a cybersecurity audit's characteristics and shortcomings. Some of its requirements are extremely important, like encrypting and maintaining a firewall configuration for clients' credit card data, using (and regularly updating) antivirus software and consistently testing security systems.2 But there are organizations for whom PCI doesn't apply, and moreover, plenty of entry points for cyberattackers that don't involve financial data. The same goes for similarly sector-specific standards like HIPAA's cybersecurity requirements.

Audits centered around more comprehensive standards, like ISO 27001 or 27701, will be more efficacious. The 2019 update3 to 27701, in particular, involves particularly robust data protections, likely to keep up with the GDPR regulations that are often cited for their meticulousness. But the fact remains that if you orient your cybersecurity procedures around compliance and audits, your organization is setting a ceiling for how well-protected it can be. Audits must always be accompanied by ongoing vulnerability assessments and other cybersecurity best practices.

Threat modeling: Preemptive catastrophizing

Knowing how many vulnerabilities your network has and where they are is obviously critical. How else are you going to rectify these flaws? But in certain circumstances you may need to know much more.

Imagine that you knew a cyberattack on your organization was either imminent or highly likely. This wouldn't require clairvoyance on your part; perhaps you're part of an industry that's frequently targeted by malicious online actors. Or maybe a specific malware is bouncing around your city or region (the way WannaCry spread through multiple countries, and then crossed continents, in a matter of hours4).

Threat modeling can be extremely valuable in this situation. At its essence, this methodology entails envisioning the results of a specific cyberattack on your organization.5 Such projections should include monetary and data losses, time spent dealing with the attack's immediate and lasting consequences, estimates of how big a hit each department or business unit will take and other key performance indicators.

Using these bottom-line numbers about cyberattack impact can help impress the seriousness of the issue upon people in your organization who might not fully understand it otherwise. Threat modeling can also be applied as a preemptive tactic and built into the overall structure of your organizational cybersecurity strategy. 

Bug bounties: Bringing in the mercenaries

Penetration testing is a more conventional form of ethical hacking — especially if you commission a third party to handle it. On the (somewhat) less typical end of the spectrum lie bug bounties.

Instead of hauling in cattle thieves in the Wild West, ethical hackers who pursue bug bounties seek cash rewards from organizations who want their security flaws uncovered and patched. Sometimes these assignments are low-key affairs between one business and a white-hat security consultant; others are part of programs maintained by tech giants like Apple, Facebook and Google — and the U.S. military.6

Commissioning bug bounties may not be the right play for all organizations, but if you can afford it — and you find a trusted white-hat — it can be useful for tracking down vulnerabilities in the network that your IT team can't spot.

A balanced approach

There's no single right answer when it comes to developing a cybersecurity strategy. It all depends on the needs of your organization, which will probably fluctuate over time. By balancing a comprehensive vulnerability assessment program with savvy deployments of all of the methods described above, you give yourself and your business the best chance at a truly secure network and IT infrastructure.

Nessus Professional is the industry-leading vulnerability assessment solution. Try it today with a free 7-day evaluation.

Start Your Free Nessus Trial

1. TechTarget, "Pen Test (Penetration Testing)," October 2018
2. PCI Security Standards Council, "Maintaining Payment Security,"
3. ISO, "Security Techniques: Extension to ISO/IEC 27001 and ISO/IEC 27002," August 2019
4. BBC News, "Cyber-Attack: Europol Says It Was Unprecedented in Scale," May 2017
5. Daniel Miessler, "Information Security Assessment Types," December 2019
6. Tripwire, "10 Essential Bug Bounty Programs of 2020," June 2020

Related Posts

Subscribe to the Tenable Blog

Try for Free Buy Now

Try Tenable.io


Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now
Try for Free Buy Now

Try Nessus Professional Free


Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning


Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.



Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security


Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin


Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Request a demo of Tenable.ot

Get the Operational Technology Security You Need.
Reduce the Risk You Don’t.