It wasn’t enough for Equifax. In today’s cybersecurity environment, you’ve got to think like a black hat hacker and protect your infrastructure from the techniques used, not just the vulnerabilities themselves.
The Apache CVE security advisory was released on March 6th, the exploit for the vulnerability 1 day later, and Equifax was penetrated on March 10th, 3 days later. Yes, retesting to ensure ALL systems were patched and ensuring scanners are working correctly would have helped, but it took until July 29th for Equifax to discover they had been hacked. Their processes and software definitely let them down.
Why not have white hat hackers verify systems have been correctly patched and test for flaws manually? Well, in a word, it can be expensive. One new company, apptroops, is doing it very economically. They automate where it makes sense, with bots that crawl for the latest vulnerabilities, exploits, and malware, but manually apply those hacks because that’s how a black hat hacker will do it.
Using manual hacking techniques, they can test multiple vulnerabilities and malware together to see whether combining those hacks escalates the severity level of a vulnerability.
Because apptroops uses certified hackers from Asia, testing is performed much more economically. apptroops has found previously unknown vulnerabilities in Google, Facebook, Microsoft, eBay, and Sony with their methods, and for a limited time, we will test your infrastructure for FREE; you pay only if we find critical or high severity vulnerabilities.