There is no doubt that manual penetration tests are an essential part of a robust security solution and an excellent first port of call. Performing annual or, in some cases even quarterly manual penetration tests as a primary defense against attackers is commonplace in the cyber security industry today. Though this strategy does have its merits, it lacks one critical element – continuous coverage.
​
To answer the question on why continuous vulnerability scanning is essential, it helps to give some examples of situations that could occur:
​
Perhaps a critical new vulnerability is discovered in software your business is using, during that long year between annual pen tests. Or a security misconfiguration gets introduced by a junior developer. What if a network engineer opens up a port on a firewall exposing one of your databases to the internet?
​
Whose job is it to notice these issues which, if left unchecked, could result in a data breach or compromise?
​
Without automated monitoring of issues such as these, it's hard to argue that they'd be noticed and fixed before attackers get a chance to take advantage.
​
Scanning for security issues on a regular basis helps to complement manual testing, as it provides businesses a good level of ongoing security coverage between manual tests, which are often performed only annually or before big releases.
​
Our view is that automated continuous monitoring solutions should be the first port of call for companies starting out on their journey towards a robust security solution.
​