All Collections
Why do I need continuous monitoring? I already get penetration tests.
Why do I need continuous monitoring? I already get penetration tests.

A discussion on continuous vulnerability scanning compared with regular manual penetration testing

Daniel Andrew avatar
Written by Daniel Andrew
Updated over a week ago

There is no doubt that manual penetration tests are an essential part of a robust security solution and an excellent first port of call. Performing annual or, in some cases even quarterly manual penetration tests as a primary defense against attackers is commonplace in the cyber security industry today. Though this strategy does have its merits, it lacks one critical element – continuous coverage.

To answer the question on why continuous vulnerability scanning is essential, it helps to give some examples of situations that could occur:

Perhaps a critical new vulnerability is discovered in software your business is using, during that long year between annual pen tests. Or a security misconfiguration gets introduced by a junior developer. What if a network engineer opens up a port on a firewall exposing one of your databases to the internet?

Whose job is it to notice these issues which, if left unchecked, could result in a data breach or compromise?

Without automated monitoring of issues such as these, it's hard to argue that they'd be noticed and fixed before attackers get a chance to take advantage.

Scanning for security issues on a regular basis helps to complement manual testing, as it provides businesses a good level of ongoing security coverage between manual tests, which are often performed only annually or before big releases.

Our view is that automated continuous monitoring solutions should be the first port of call for companies starting out on their journey towards a robust security solution.

Did this answer your question?