Remote Compromise Assessment: Step 1 of a logical Cyber Strategy
Over the past few months, we have had an opportunity to speak with many people from many different industries about cybersecurity strategies. A common topic of discussion relates to their wish to better understand how effective their current defences will be in protecting them from attack.
In today’s world, companies are under threat from many flanks: anyone from a petty thief, a disgruntled employee or an organised crime gang to a nation-state can deem you a target.
As technology evolves, companies looking to strengthen their cyber defences need to understand their ever-increasing attack surface, who their attackers might be, and how sophisticated and determined those attackers are.
Only when companies fully understand their network, the risks that threaten it, and how these risks are addressed within their cyber strategy, can they determine where to direct the processing power of their cyber-defences to focus on limiting the impact of a successful attack.
A Remote Compromise Assessment is essentially a cyber audit of a network; however, it goes much deeper than an audit based on a questionnaire. A Compromise Assessment is a technical review of your network that identifies previously undetected issues, ranging from suspicious user activity (admin and standard user), weak cyber-policies and the use of potentially dangerous software (SolarWinds, TeamViewer) to evidence of brute-force attacks or of a previous breach.
Too often, cyber-crime investigations reveal that digital evidence and attack indicators were available before the breach was detected. If these previously undetected issues are identified early, companies can intervene to minimise risk and avoid future breaches.
A GuardYoo Remote Compromise Assessment delivers a secure, reliable and affordable Cyber Audit including Forensic Analysis, within 1 week.
To help visualise where a Compromise Assessment can be added to an existing Cybersecurity strategy, consider the following analogy.
Imagine that you are Head of Security working for a large Sea Port:
The port is like a city with real streets created from containers three or four stories high.
The port has neighbourhoods with intersections, traffic lights and crossroads.
One day you discover that thieves are stealing packages from an isolated part of the port (you’ve been breached).
What would your response look like?
We think responsible people would consider the following steps (the key question is the order in which to take them).
- Employ an investigator (pen tester) to figure out how it is possible for the theft to take place.
- Purchase cameras and alarm systems in an attempt to monitor every container.
- Hire more security staff.
- Replace/repair all broken locks and fences.
- Build a detailed map of your port and measure reaction times for reaching each location within the port.
At GuardYoo, we believe there is a sequence that must be followed to ensure not only that the breach is contained, but that the risk of future breaches is also minimised.
- Step 1: Compromise Assessment (build a detailed map of your port).
- Step 2: SIEM (more cameras and alarm systems).
  When you know your port like the back of your hand, you know which “streets” (servers) are more vulnerable and should be monitored by cameras, and within these “streets”, which containers (data sets) should be equipped with an alarm system.
  This approach will also help reduce costs by reducing the size of your attack surface.
- Step 3: Incident Response (hire more security staff).
- Step 4: Vulnerability Assessment (fix/replace broken fences and locks).
  If you attempt a vulnerability assessment before deploying a SIEM, you won’t understand how a breach takes place.
- Step 5: Pen test (hire an investigator).
  The main objective of hiring a pen tester should be to watch the pen tester's techniques and then use that data to improve your SIEM.
  It is not just to identify “how” someone is able to steal something or breach the network.
  You need to identify which parts of your port are not fully under your control.
  That is the main goal of a pen test: to detect “blind spots” in the monitoring process.
Regular Compromise Assessment can help companies fully understand how their network is operating and which areas within it are most vulnerable. Once cybersecurity teams have this information they can deploy their resources to achieve maximum benefit.
The ideal cybersecurity Plan/Roadmap is:
- Achieve a full understanding of your infrastructure - Compromise Assessment including Digital Forensics.
  A remote Compromise Assessment will give you a clear understanding of any bottlenecks (e.g. locked-out accounts), segregation-of-duty issues (e.g. network administrators not adhering to best practice) or any existing breaches that were previously undetected.
- Upload all Compromise Assessment findings to SIEM
- Test all devices using Vulnerability Assessment scanners (Qualys or other)
At GuardYoo we believe it is extremely important that this sequence is followed precisely, and that each step is started only after the previous step has been completed to a satisfactory standard.
All evidence from each previous step should be analysed and understood, and all actions completed to perfection.
Do not rush these steps; the process is too important to skip through.
If you would like to learn more about GuardYoo and our remote Compromise Assessment platform, submit a request and a member of our team will respond to you as soon as possible.
If you or one of your clients suspects their network has been breached without their knowledge, we would also like to hear from you as we can deliver a remote Compromise Assessment quickly to ensure the breach impact is kept to a minimum.