The Current State of Network Security Assessments
Network security and risk assessments are widely recognized as a key component of enterprise IT security. These assessments are used to measure and report on the health of the network and the risks associated with operating it.
Currently, three types of network security assessments are regularly performed within the enterprise:
- Compliance Assessment – Identifies a network's state of compliance with various regulatory requirements and policies.
- Vulnerability Assessment – Identifies known security weaknesses in targeted systems. Broadly, these assessments can be scoped in three ways:
  - External – Conducted from outside the network without access to, or prior knowledge of, internal systems.
  - Internal – Conducted from inside the network with privileged access to internal systems.
  - Application – Assesses vulnerabilities in the code of a hosted application.
- Penetration Test – Attempts to duplicate the actions of an attacker with the goal of finding paths or weaknesses an attacker could use to access the network.
Ultimately, all three of these assessment options help answer the same question: "Can my network be hacked?" What they don't answer is whether an adversary has already used an identified weakness or vulnerability to gain unauthorized access to the network.
According to research by Secunia, over 15,000 vulnerabilities are disclosed every year, roughly 25 of which are identified as zero-day vulnerabilities (i.e. vulnerabilities that were exploited by attackers before disclosure) [2]. With so many vulnerabilities, it is safe to assume that our networks will always carry some degree of exposure, even when fully patched. Worse, an alarming number of the breaches that result from these vulnerabilities go undetected for long periods of time.
A New Class of Security Assessment
Over the years, compromise assessments existed only in limited forms, as specialized services rendered by boutique incident response firms. As of 2015, the practice has grown rapidly as publicly disclosed breaches reached a fever pitch.
We define the Compromise Assessment as:
An objective survey of a network and its devices to discover unknown security breaches, malware, and signs of unauthorized access. More specifically, the assessment seeks to find attackers who are currently in the environment or who have been active in the recent past.
A compromise assessment differs from intrusion detection in that it is an active, dedicated application of analytical resources with a focus on indicators of a successful compromise. For the period of the assessment, there is more time and wider authority to dig deeper than is expected day-to-day in real-time monitoring. Additionally, the assessment brings to bear tools and techniques, typically reserved for incident response, that are better suited to detecting post-compromise activity: persistence mechanisms, masquerading or unsigned executables, anomalous parent-child process relationships, and periodic command-and-control traffic. Compromise assessments are therefore an effective defense-in-depth measure for verifying whether threats have already made it past an organization's defenses.
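The distinction above is easier to see in code. The following is an added example, not Infocyte's tooling or the page's own code: a small set of host-level checks of the kind a compromise assessment runs, applied to a constructed endpoint snapshot (process tree, outbound connections, autorun entries). The snapshot format, field names, path lists and the beaconing threshold are all assumptions chosen for illustration; none of the checks asks "is this host patched?", each asks "is there evidence someone is already here?".

```python
"""Host-level compromise-assessment checks over a constructed endpoint snapshot.

Added example (not Infocyte's code). The snapshot format, field names and
thresholds below are assumptions chosen for illustration.
"""
import statistics
from collections import defaultdict

# Constructed sample snapshot for one host. Timestamps are epoch seconds. Not real data.
SNAPSHOT = {
    "host": "WS-0417",
    "processes": [
        {"pid": 4,    "ppid": 0,    "name": "System",         "path": "", "cmdline": "", "signed": True},
        {"pid": 612,  "ppid": 4,    "name": "services.exe",   "path": r"C:\Windows\System32\services.exe", "cmdline": "", "signed": True},
        {"pid": 900,  "ppid": 612,  "name": "svchost.exe",    "path": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k netsvcs", "signed": True},
        {"pid": 3120, "ppid": 2200, "name": "WINWORD.EXE",    "path": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE", "cmdline": "WINWORD.EXE invoice.docm", "signed": True},
        {"pid": 3188, "ppid": 3120, "name": "powershell.exe", "path": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "cmdline": "powershell.exe -nop -w hidden -EncodedCommand SQBFAFgA...", "signed": True},
        {"pid": 3402, "ppid": 3188, "name": "svchost.exe",    "path": r"C:\Users\jdoe\AppData\Local\Temp\svchost.exe", "cmdline": "svchost.exe", "signed": False},
    ],
    "connections": [
        # pid 3402 reaches one external address roughly every 60 s with little jitter
        {"pid": 3402, "remote": "203.0.113.45:443", "ts": t} for t in (1000, 1061, 1119, 1180, 1241, 1299, 1360, 1421)
    ] + [
        # pid 900 talks to an internal file server at irregular times (normal)
        {"pid": 900, "remote": "10.0.0.5:445", "ts": t} for t in (1000, 1003, 1300, 1310, 1900)
    ],
    "autoruns": [
        {"key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater",
         "path": r"C:\Users\jdoe\AppData\Local\Temp\svchost.exe"},
    ],
}

SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def check_processes(procs):
    """Return (indicator, pid, evidence) tuples for suspicious process facts."""
    by_pid = {p["pid"]: p for p in procs}
    findings = []
    for p in procs:
        name, path, cmd = p["name"].lower(), p["path"].lower(), p["cmdline"].lower()
        parent = by_pid.get(p["ppid"])
        pname = parent["name"].lower() if parent else ""
        # Masquerading: a core system binary name running outside System32, or unsigned
        if name in SYSTEM_BINARIES and ("\\windows\\system32\\" not in path or not p["signed"]):
            findings.append(("masquerade", p["pid"], f"{name} at {p['path']} signed={p['signed']}"))
        # Staging: anything executing from a user-writable location
        elif any(seg in path for seg in USER_WRITABLE):
            findings.append(("user_writable_exec", p["pid"], p["path"]))
        # Initial access: an Office application spawning a scripting host
        if pname in OFFICE_APPS and name in SHELLS:
            findings.append(("office_spawned_shell", p["pid"], f"{pname} -> {name}"))
        # Obfuscated execution: encoded or hidden-window PowerShell
        if name == "powershell.exe" and ("-enc" in cmd or "-w hidden" in cmd):
            findings.append(("encoded_powershell", p["pid"], p["cmdline"]))
        # Legitimate svchost.exe is always a child of services.exe
        if name == "svchost.exe" and pname != "services.exe":
            findings.append(("svchost_bad_parent", p["pid"], f"parent={pname or 'none'}"))
    return findings


def check_beaconing(conns, min_samples=6, max_cv=0.10):
    """Flag (pid, remote) pairs whose connection gaps are near-constant
    (coefficient of variation below max_cv), the signature of a C2 beacon."""
    series = defaultdict(list)
    for c in conns:
        series[(c["pid"], c["remote"])].append(c["ts"])
    findings = []
    for (pid, remote), ts in series.items():
        if len(ts) < min_samples:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean else 0.0
        if cv < max_cv:
            findings.append(("beacon", pid, f"{remote} every ~{mean:.0f}s (cv={cv:.2f})"))
    return findings


def check_autoruns(autoruns):
    """Flag persistence entries that launch something from a user-writable path."""
    return [("autorun_user_writable", None, f"{a['key']} -> {a['path']}")
            for a in autoruns if any(seg in a["path"].lower() for seg in USER_WRITABLE)]


def assess(snapshot):
    """Run every check and summarise the host's compromise state."""
    findings = (check_processes(snapshot["processes"])
                + check_beaconing(snapshot["connections"])
                + check_autoruns(snapshot["autoruns"]))
    return {"host": snapshot["host"], "findings": findings, "compromised": bool(findings)}


if __name__ == "__main__":
    result = assess(SNAPSHOT)
    for kind, pid, evidence in result["findings"]:
        print(f"{result['host']} {kind:<22} pid={pid} {evidence}")
```

On the constructed snapshot the checks chain together into one story: a macro document spawned hidden, encoded PowerShell, which dropped an unsigned "svchost.exe" into the user's Temp directory, registered it in a Run key, and the dropped binary now beacons to a single external address about once a minute. A vulnerability scanner would report the same host as clean if the patch level were current; the beaconing check in particular requires collecting timestamps over a window, which is exactly the kind of dedicated effort the assessment period provides.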
Download our white paper to learn more about how a compromise assessment can help you identify unknown security breaches and adversary presence within your network.