Penetration Testing

Video Transcription

Alicia: Hello everybody, thank you for joining us again today. Here we have Gil Vidals, the CEO of HIPAA Vault, which is an MSSP specializing in HIPAA compliant cloud services. So since launching our new brand, HIPAA Vault, we talked about some of the new services that we’re introducing, and last week we talked about SFTP servers, and this week what did you want to talk about Gil?

Gil: This week I’d like to talk about penetration testing, or pen testing, because that’s an important service that people need to know about.

Alicia: Okay, and what exactly does a penetration test entail?

Gil: Well, it’s really about ethical hacking. It’s taking a system and hiring an expert in security and having them test to see if they can break into a system?

Alicia: Okay so would this be the same thing as basically a vulnerability scan or is it different?

Gil: Well a vulnerability assessment scan is usually automated, it doesn’t require any human intervention. It’s just a report that shows possible vulnerabilities, and it is important to act on it, but it’s usually an automated task. Whereas a penetration test is an actual human being who’s an expert white hat, ethical hacker, and they may work for dozens of hours, or days, trying to break in, so that engagement can last for days or weeks on end.

Alicia: So that one is much more thorough because it’s an actual human brain trying to figure out how to hack. 

Gil: Exactly.

Alicia: Okay, and how would somebody know if they need to have a penetration test done?

Gil: Well, a penetration test would be required sometimes for certain audits. A very thorough audit would require a penetration test, and sometimes it’s just the manager at a company that says “Hey we really need to be sure that security is working”, so they’ll hire an independent, 3rd party penetration tester.

Alicia: Okay, awesome, is there anything else that you wanted to add?

Gil: Well, just thank you for watching, and if you are interested in a penetration test, you can stop by our website and fill out a scoping document which then goes to your team and we would get back to you on that.

Alicia: Okay, and we do the vulnerability scans as well, right?

Gil: That’s right!

Alicia: Okay, awesome, thank you!


Our certifications