Designing and building a new network, virtual environment, or remote access solution is by no means a straightforward process. It can take months of proposed network topology reviews; various revisions of kit lists to ensure each box is capable of sufficient throughput or running enough ports to future proof the design; presentations to key stake and budget holders at a senior level to get the project signed off; the allocation of hundreds of man hours to implement the new design and a project management team in place to cope with the inevitable delays and problems that always arise to ensure the go live date and the budget are met.
Why then, with all of this work happening in the build up to the go live date, would a project team schedule the first penetration test for two weeks before this date? What happens if the penetration test uncovers several flaws that push the whole project back? Flaws that could have been spotted much sooner in the process and consequently rectified at much less cost to the overall project.
A penetration test at this final stage is always required in order to sign off on the final network, but the first stage of the risk mitigation and management process should be when the network is still on paper.
A few extra days at this stage may not find anything considered to be show-stopping, in which case the project can proceed with added confidence - but if a review highlights just one serious issue or oversight then this can be headed off and designed-out of the solution before you have headed too far down the wrong path.
If you are planning a major network upgrade, design or redesign, then contact NTA to discuss a design review and build security and confidence into the designs from day one.