Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.


333 West San Carlos Street
San Jose, California 95110
United States


ChannelPro Network Awards

hello 2
hello 3


June 7, 2022 | Pedro Pereira

Keeping Up the Fight: Continuous Security Validation

Testing the integrity of security measures on an ongoing basis can expose potentially dangerous gaps before an attacker can exploit them.

AFTER CONDUCTING a penetration test and addressing all the vulnerabilities it exposes, a company should feel confident in its cybersecurity posture. But that’s not necessarily the case. Cyberthreats change daily.

Continuous security validation is the confidence booster that most organizations need. It’s an ongoing testing method that employs various tools to verify your managed service customer’s security controls are working as expected.

Think of it as a daily check on security posture, says Erik Holmes, CEO of Cyber Guards, a managed security services provider in Memphis, Tenn.

The continuous method moves organizations away from “big bang” evaluations and remediation to a business-as-usual security validation approach, says Jon France, CISO for IT security organization (ISC)2. “Especially when it is automated, such an approach also bolsters good risk management and readiness scoring, which can show the organization’s posture at a moment’s notice,” he says.

When a Lot Isn’t Enough

Even when you deploy dozens of tools to build your client’s security posture, they can remain vulnerable to a breach. Defenses that are strong today or tomorrow can falter next week or next month. That’s the nature of the cyberbeast. Threat actors work tirelessly to refine their attack methods and introduce new threats.

It’s a tough challenge for any company to maintain robust defenses against an enemy that morphs constantly and draws from a seemingly endless supply of new tricks. By conducting continuous security validation—or having a service provider do it for them—organizations increase their chances of fighting off new and evolving threats.

Traditional penetration tests provide a snapshot in time, and the results can be overwhelming. “When you hand someone a mountain of problems, they sometimes won’t get started on addressing them at all,” says Holmes.

Continuous security validation changes that. When Cyber Guards finds problems, the provider hands a client prioritized lists so they can address the more pressing vulnerabilities more quickly, he says.

Despite its obvious benefits, continuous validation takes some getting used to. “One challenge with implementing continuous security validation is changing your mindset and moving toward an always-on method of dealing with validation and the results,” says France.

“You’ll have to fine-tune and find a balance so you’re not going into panic mode over false positives or ignoring alerts because you’re receiving too many, too frequently.”

Eventually, however, most companies become comfortable with continuous security validation. After all, says Holmes, the approach supports an organization’s growth and health over time.

When Cyber Guards runs its first pen test on an organization, it can compromise 85% to 95% of the client’s environment. With continuous validation, those numbers drop to 8% to 12% in three months, says Holmes.

PEDRO PEREIRA is a freelance writer in New Hampshire who has covered the IT channel for two decades.

Image: iStock

Editor’s Choice

Midwest MSPs Treated to Personal Stories, Compelling Demos, and More at ChannelPro LIVE: Columbus Show

June 7, 2024 |

Ohio technology professionals joined ChannelPro to share business best practices at the area’s first-of-its-kind event.

Asigra Makes a Splash with New SaaS App Data Backup Platform

June 3, 2024 |

Asigra’s new SaaSAssure platform offers MSPs comprehensive, secure, and easy-to-use backup solutions for SaaS apps, addressing a critical market need and providing an unparalleled opportunity for revenue.

Peer to Peer: John Kampas on Why EMPIST Thrives — Plus, 1 Mistake Too Many MSPs Make

May 31, 2024 | John Kampas

How prioritizing customer protection and technological empowerment helped EMPIST evolve into a “managed technology provider” with an international presence.

MSPs React to Comprehensive, Aggressively Priced Kaseya 365

May 1, 2024 |

Hear from MSP peers on the launch of the new Kaseya 365 program — designed to provide a crucial package of tech services at an affordable monthly price.

Related News

Growing the MSP

Explore ChannelPro


Reach Our Audience