There are good chances that your system will become a target in a digital attack some day. By your competitor, an intelligence agency, a disgruntled employee, or maybe just a bored kid who got lucky and found a hole in your mail server. In any event, the damage to your business can be very serious. Unfortunately, many times an incident like this is the only thing that will make the right people in your organization focus on security problems that always get preempted by "more important issues". Fortunately, on the other hand, there is an alternative.

Penetration test is a controlled and managed simulation of an actual system intrusion. It gives you a realistic experience of an attempted (usually successful) break-in into your information system - whether by an outside intruder or by your employee. During a penetration test, your security mechanisms as well as your intrusion detection and response capabilities are put to the test against a skilled, motivated attacker - only this time you have a complete insight in his thoughts and actions. This is a unique opportunity to get to know your enemy, without the damage you would normally sustain in a real attack.

Periodic penetration testing is a very effective method for keeping your security capabilities on a desired level. This way, you get yourself a "friendly attacker", constantly trying to subvert your security mechanisms. You know it and your people know it so there's an ever-present awareness of an attacker's existence, keeping your security sharp. Every attack is known to you in advance and documented in details. You might even suggest where and when to attack to test particular points that you believe could be weak. A detailed statistics is being maintained about the attacks so that you can easily locate weak spots in your security and later watch how they gain in their strength.