What is the benefit

of performing an unannounced Penetration Testing?

A. The tester will have an actual security posture visibility of the target network.

B. Network security would be in a -best state- posture.

C. It is best to catch critical infrastructure unpatched.

D. The

tester could not provide an honest analysis.

Real life attacks will always come without expectation and they will often arrive in ways that are highly creative and very hard to plan for at all. This is, after all, exactly how hackers continue t

o succeed against network security systems, despite the billions invested in the data protection industry.

A possible solution to this danger is to conduct intermittent -unannounced- penentration tests whose scheduling and occurrence is only known to the h

ired attackers and upper management staff instead of every security employee, as would be the case with -announced- penetration tests that everyone has planned for in advance. The former may be better at detecting realistic weaknesses.

References: