
Certified Ethical Hacking: Staying Ahead of Vulnerabilities

Introduction

Cybercrime is a hot-button topic these days, with even the U.S. government taking an interest in addressing it (and FYI, there is a fantastic blog post at Beta News that gives a lot of examples of how the 1998 Digital Millennium Copyright Act is preventing researchers from really researching cybercrime and working to stop it). Meanwhile, computer networks at companies and governments around the globe are constantly being targeted for cyber attacks.




Analysis

It's certainly a dark and dangerous cyberworld out there. What's a company to do? SECNAP Network Security Corporation suggests employing Certified Ethical Hackers (or outsourcing to a company like SECNAP) to help flush out vulnerabilities using the tactics of criminal hackers, before those vulnerabilities can be found and exploited. According to SECNAP, Certified Ethical Hackers are given permission by the client to poke around systems and websites, staying within the confines of the law. Basically, these security experts are trained to look at the systems in a new way – not with the company’s internal workings in mind, but with how other, more sinister minds would think about them.

SECNAP got into the Certified Ethical Hacking aspect of security a few years ago, recognizing that security risks are constantly evolving, and thus the techniques to mitigate them need to evolve as well.

"We began encouraging our audit staff to obtain ethical hacker certification a couple of years ago. Being well-equipped to recognize new threats and utilize new techniques against those threats enables them to stay ahead of criminal hackers," says Amy Hancock, marketing communications specialist for SECNAP Network Security Corporation. "Our key auditors are also Certified Information Systems Security Professionals (CISSP), Certified Information Security Managers (CISM), and Certified Information Systems Auditors (CISA). They keep their credentials current by undergoing periodic professional training and reading professional journals and security news."

SECNAP Network Security offers ethical hacking as part of its overall security solution for clients. It combines it with IT security audits, external penetration testing, wireless audits and more. So, how does this added element really help keep a company's systems and website more secure? "CEH training teaches how to think creatively, as a hacker would, and how to spot tell-tale signs. Often, knowing the characteristics of certain malware or cybercrime tools aids in identifying the specific crime and in selecting the appropriate counter-measure," says Hancock. "For example, a key feature of a worm is that it can replicate itself without user intervention. CEH training covers the key features of worms versus viruses, as well as a wider range of knowledge, from footprinting and firewalking, to the types of scans most effective against particular hacking methodologies."

Conclusion

Hiring a Certified Ethical Hacker to test the strength of your network and flush out vulnerabilities is a smart preventative measure.
