3 Reasons To Have Your PEN TESTING Team Remediate
Jun 05, 2018
1. Managing Two Vendors
Smaller organizations don’t have the time, budget, or resources to manage two vendors for IT. Managing two vendors means two sets of meetings, two quotes to review, two sets of technology mindsets and approaches, and no in-house skill set to ensure that quality service is delivered.
This disconnect between two separate technology security vendors introduces a huge gap in efficiency, which strains budgets further. Most large organizations struggle with this dichotomy, and it only becomes more pronounced as you move down market.
3. Quality Assurance
Often a penetration testing team will perform the audit and then hand over the results. The next year, most of the remediations still have not been carried out. If the remediation team were the penetration testing team, this would most likely not be the case. The operations team does not know the security world as well as the penetration testing team does, so remediating is sometimes extremely difficult, if not impossible.
From an ethical standpoint, security practice dictates separation of roles. In practice, the operational efficiency, the lower OPEX, and the assurance of completion by experts can mean the penetration testing team is the best option for remediation. As an industry, I believe this philosophy and practice will gain traction over time. Although not perfect, a remediated environment is better than an environment whose known, exposed weaknesses are allowed to remain.