What is the benefit of performing an unannounced Penetration Testing?
A.
The tester will have an actual security posture visibility of the target network.
B.
Network security would be in a “best state” posture.
C.
It is best to catch critical infrastructure unpatched.
D.
The tester could not provide an honest analysis.
Explanation:
Real life attacks will always come without expectation and they will often arrive in ways that are highly creative
and very hard to plan for at all. This is, after all, exactly how hackers continue to succeed against network
security systems, despite the billions invested in the data protection industry.
A possible solution to this danger is to conduct intermittent “unannounced” penentration tests whose scheduling
and occurrence is only known to the hired attackers and upper management staff instead of every security
employee, as would be the case with “announced” penetration tests that everyone has planned for in advance.
The former may be better at detecting realistic weaknesses.
http://www.sitepronews.com/2013/03/20/the-pros-and-cons-of-penetration-testing/