The Current State of Network Security Assessments
Network security and risk assessments are widely recognized as a key component of enterprise IT security. These assessments are used to measure and report on the health of the network and the risks associated with operating them.
Currently, three types of network security assessments are regularly performed within enterprise:
- Compliance Assessment – Identifies a network’s state of compliance with various regulatory requirements and policies.
- Vulnerability Assessment – Identifies known security weaknesses in targeted systems. Broadly, these assessments can be scoped in three ways:
- External - Conducted from outside the network without access or prior knowledge of internal systems.
- Internal - Conducted from inside the network with privileged access to internal systems.
- Application – Assesses vulnerabilities in the code of a hosted application.
- Penetration Test – Attempts to duplicate the actions of an attacker with the goal of finding paths or weaknesses an attacker could use to access the network.
Ultimately, all three of these assessment options help answer the same question: “Can my network be hacked?” What they don’t answer is whether an adversary has used an identified weakness or vulnerability to gain unauthorized access to the network.
According to research by Secunia, over 15,000 vulnerabilities are released every year – roughly 25 of which are identified as zero day vulnerabilities (i.e. vulnerabilities that were exploited by hackers before disclosure).2 With so many vulnerabilities, it’s safe to assume that our networks will always carry a degree of vulnerability to hacks – even if fully patched. Worse, an alarming number of breaches which result from these vulnerabilities go undetected for long periods of time.
A New Class of Security Assessment
Over the years, compromise assessments only existed in limited forms as specialized services rendered by boutique incident response firms. As of 2015, the practice has rapidly grown as publically disclosed breaches reached a fevered pitch.
We define the Compromise Assessment as:
An objective survey of a network and its’ devices to discover unknown security breaches, malware, and signs of unauthorized access. More specifically, the assessment seeks to find attackers who are currently in the environment or that have been active in the recent past.
A compromise assessment differs from intrusion detection in that it is an active dedication of analytical resources with a focus on indicators of successful compromise. For the period of the assessment, there is more time and a wider authority to dig deeper than what is expected day-to-day in real-time monitoring. Additionally, the assessment brings to bare tools and techniques, typically reserved for incident response, that are better suited for detecting post-compromise activity. Compromise assessments are the most effective defense-in-depth measure an organization can use to ensure no threats make it past their defenses.
Download our white paper to learn more about how a compromise assessment can help you identify unknown security breaches and adversary presence within your network.
Need us to conduct a compromise assessment for you? Learn more or request more information here.