To Bot or Not
There is ongoing debate about whether machines will make our jobs obsolete. At the end of the day, humans and machines are always better together, and whatever robots take over will allow humans to focus on more innovative and strategic initiatives.
Robots have been our friends in our personal lives, at work and in entertainment. They sweep floors at home, pack in factories, and play chess with top players. While they are no match for autonomous human intelligence and empathy, they excel in specific circumstances: when the work is repetitive, the knowledge base is large, and the decision making is experience-based. In the Cyber Security world, penetration testing fits squarely into this profile.
Today, the severe shortage of qualified security personnel and the increasing cost of hiring them have become a challenge across all industries. According to PayScale, a seasoned penetration tester earns a 60% higher median salary than the average of all occupations. Having an in-house penetration testing team, commonly called a “red team,” is hardly a must-have in many organizations, which are severely budget-constrained, especially during today’s pandemic.
Many organizations look for external help when they need penetration testing. However, in addition to the considerable cost, an external service also brings new concerns, such as the consistency of each test and the controllability of the test results, which are solely at the tester’s discretion.
How much does a typical penetration testing service cost?
Usually around $800-$1000 per web page, so for an average 40-page website, one penetration test could cost approximately $32K-$40K each time, because it’s not a one-off. Other non-trivial factors, such as the lengthy process of hiring an external vendor and the time-consuming prep work, ultimately preclude organizations from doing penetration testing as often as required.
In the last few years, we’ve seen more and more Artificial Intelligence (AI) technologies successfully applied in the Cyber Security area. A group of technologists asked themselves a tough question: Can we automate penetration testing, traditionally considered impossible due to its challenging nature? After two years of hard work, RidgeBot, the first cyber bot for penetration testing, was born out of this.
RidgeBot’s current capability is equivalent to that of an advanced penetration tester. It can work as a senior tester when paired up with an experienced human tester. The multi-thread feature allows up to 128 bots to work simultaneously. RidgeBot frees up security personnel from repetitive work and lets them focus on research into new threats, 0-day vulnerabilities, and other pressing security issues. A cyber bot never gets tired of constant and repetitive tasks. It can work continuously at all times of the day, and there is no risk of an internal security breach. It learns new knowledge fast and makes testing or hacking decisions based on industry-wide guidelines.
Here’s a comparison chart that highlights when and where a bot can mitigate these challenges and make penetration testing a reality for budget-constrained businesses: