By Jared Hrabak, Consulting Cybersecurity Engineer
In a previous article, Penetration Testing: How to Get the Most Out of Your Assessment Dollar, we discussed the differences between vulnerability scans and penetration tests and the reasons for doing them, and we made the case for rotating your cybersecurity assessments and testers to get maximum value. Both assessments are necessary and good investments that every company should make regularly, but they also have limitations. At MicroAge, we have been working to overcome those limitations.
Traditional Cybersecurity Assessments
To help explain, consider the following analogies about vulnerability scans and penetration tests that explain each from a ‘real-world’ perspective:
A Vulnerability Scan is like hiring a security guard to come to your building and check the outside perimeter. They will check every door and window and make sure they are all locked. While walking around outside, they will also look for any obvious holes that have neither a door nor a window and could be easily used to gain access. Their report will tell you about anything that was unlocked, but they never actually enter the building, so they can’t tell you anything about what is inside.
A Penetration Test is like hiring a burglar to come to your building and try to break in. They will check the perimeter for open holes with no doors or windows and check for unlocked doors and windows like with a vulnerability scan, but they will also try to pick the locks on those doors and windows. If you have a talented and resourceful penetration tester, they may even climb on the roof and look there for ways to get in. Their report will tell you about holes found and let you know if any locks could be picked to gain access. However, they still won’t be able to tell you much about the inside of your building unless you specifically define rules of engagement which allow them to keep penetrating your internal network once they are inside the “building.”
Vulnerability scans and penetration tests provide valuable information and can give you a reasonable assurance that your perimeter is secure, but these cybersecurity assessments have limitations. There are times when you need more.
Introducing the MicroAge Compromise Assessment, Powered by BlackBerry Cylance Consulting
MicroAge and BlackBerry Cylance have joined forces to offer unique cybersecurity assessments designed to determine if your systems are currently, or ever have been, breached. Our specialists will deploy a lightweight, self-dissolving script in your environment to gather a variety of relevant data. That data is then analyzed by BlackBerry Cylance’s powerful AI to highlight areas of weakness, such as improper configurations, unsupported operating systems/applications, old (and easily cracked) encryption protocols in use, and more. The assessment will also identify past and present unauthorized activity in your environment, such as credential harvesting, hacking techniques being used, hacking tools installed, brute-force attacks, successful and/or unsuccessful attempts to elevate privileges, and data exfiltration, just to name a few.
Staying with our real-world analogy, think of the MicroAge Compromise Assessment as inviting a SWAT team to come inside your building and thoroughly search every inch to ensure that nobody is inside that does not belong there. They will systematically sweep the building, checking every corner, every closet, and every hiding place to verify that all are unoccupied. While inside, they will also dust for fingerprints to ensure that no unauthorized person is ever inside the building. They will also check the internal security and point out areas that can be improved.
When is a good time for a compromise assessment?
- When you suspect your systems have been breached. A compromise assessment could confirm or disprove your suspicions – and help target your response and shorten your remediation efforts should your fears be confirmed.
- When acquiring another company. A compromise assessment should be an essential part of your due diligence process. Whether or not the acquired business is or ever has been breached is a material fact that would significantly impact the acquisition decision and price. You need to know about a breach before you buy the company; otherwise, that breach is your problem and your liability.
- When you hope to be acquired. A breach discovered during the M&A process could profoundly impact the purchase price and kill a deal altogether. Ensure you get the maximum value for your company by identifying and correcting any issues before a deal is on the table. Let your potential buyers know that this assessment has been done, and your clean environment may make you a more attractive target.
- When there are changes in executive leadership. As a new CEO, CIO, or CISO, you need to know if your new organization has been breached so you can address that issue immediately. It is already your responsibility to make sure you know about a breach – and act – before it also becomes your fault.
- When vulnerability scans and penetration tests are routine. Suppose you have been checking your perimeter regularly and are reasonably sure it is secure. In that case, it’s time to take your assessments to the next level and look inside to confirm that nobody is or has been acting inside your perimeter.
- When doing your very first vulnerability scan or penetration test. If you have not been looking at your perimeter regularly, there is an increased chance that you have been breached. It won’t help to lock down the perimeter if someone has already established a persistent foothold. Find them, kick them out, and lock the doors so they can’t get back in.
MicroAge cybersecurity experts can help you find the right mix of vulnerability scans, penetration tests, and compromise assessments to increase the effectiveness of your ongoing assessment plans.
Let us help determine the right mix of cybersecurity assessments for your organization.
Let’s talk
If you would like more information about the MicroAge Compromise Assessment, powered by Cylance Consulting, contact us at (800) 544-8877.
“As a Cybersecurity Engineer, Jared partners with clients to help them identify product solutions that match their cybersecurity governance, risk and compliance objectives. He enjoys educating and advocating for a successful cybersecurity practice by focusing on client success. Jared brings a wealth of experience in content filtering, cybersecurity operations, and military service to help put clients on the path to success.”
Jared HrabakConsulting Cybersecurity Engineer