As more organizations become aware of the need for cyber security, the amount of confusion over what products and services are needed increases. The confusion comes about for many reasons that we will not get into with this article, although in this article we hope to bring about some insight that will point an organization in the right direction.
This is a question that we get asked a lot. The difference, not always obvious has to do with the goals of the testing and the current security approach of the organization.
A vulnerability assessment is designed to identify as many vulnerabilities as possible within a network, application or system. This type of assessment usually occurs as a first level analysis within an organization to help identify their current security posture. The organization will be aware that they have problems and need help identifying them.
Penetration tests are typically reserved for organizations who have obtained their desired security posture. That have eliminated all known and discovered vulnerabilities. Have updated systems, patches and some type of cyber security program in place. The penetration test will simulate a scenario of attempting to breach an organizations system by finding exploits and vulnerabilities based upon pre-organized goals.
The classic rule of thumb for an organization is that anytime major changes occur to your network, you should do a vulnerability assessment.
Here are a few examples of these changes.
- New hardware, Infrastructure changes (Firewall, switches, routers, servers)
- Changes in Compliance, Regulations, Laws
- Change Management (Firewall Rules, Routing, VPNs, Wireless)
- Software (removal or addition of new software applications)
As we can see, the scheduling of vulnerability assessments can be very difficult to budget and plan without a long-term IT implementation plan in place. Companies like Redbot Technologies offer organizations the option of pre-purchasing vulnerability assessment at a discounted rate on an annual contract. If a company typically performs (4) assessments a year, although at various times, this become a valuable cost-effective option.
Testing becomes more periodic when we start talking about penetration testing. Every organization is dynamic. From the data to the infrastructure, everything is in a continual state of change. There are multiple factors to analyze to determine when and how a penetration test should occur. These factors can range from your current IT footprint, company size, levels of compliance and regulation to regions where you do business or organizational growth. Either way, we recommend to all companies who have some level of cyber posture to perform at least one penetration test a year. Again “ALL COMPANIES”
IT said we have it covered…
Even the most sophisticated companies in the world, do not have everything covered. Network Security is a moving target. Your team needs to keep up on latest threats, patch management and best practices.
It’s important to contract with a security company that works with your existing IT structure, supporting your security efforts. Companies like Redbot Technologies bring talent, resources and experience to the table as a solution for your IT team to use. We assist your team in assessing, securing, monitoring and protecting your organizations networks and data.
If your organization decides to move forward and starts to implement cyber security solutions, there are a few initial steps that a cyber security company will take. This is done to assure that they provide you the utmost service and discover the proper scope of what you are needing.
The first step in the process is a call with all the stakeholders to determine what the organization really needs. This discovery process will assess the organizations current security posture, industry and market specifics, cyber security history, current data protocols, security policies, regulations, compliance and a basic overview of the network/application infrastructure.
From this discovery process, a cyber security company will be able to outline a systematic approach to implementing the proper level of security that is needed at your organization.
The initial project scopes that are built from this discovery process have a time line that can last anywhere from a few hours, weeks to months depending on the organizations size and need. A cyber security company will work with your management and IT teams to determine the best course of action for testing and remediation. At Techimon, all planning considers operational and logistical parameters so that any testing will not interfere with day to day operations.
Next, the project will move forward once all approvals are received. A cyber security company will assign a team of engineers to start the initial assessments and testing and work directly with your organizations IT team to do this. This process can be long and enduring, especially if the systems being tested are complex and the testing is being done after operational hours.
After the testing is completed the data is taken and analyzed to where it is developed into a security profile of your organization. This profile is presented to the stakeholders and the findings revealed along with methods and suggestion for remediation.
The next step would be for the organization to re-mediate all discovered and known vulnerabilities, exploits and security concerns. A typical cyber security company would be readily available to assist an organization with this remediation.
Once the remediation has completed, the next steps would be to perform a penetration test on the implemented cyber security solutions. This testing will uncover any missed gaps in security, human error and even discovered exploits within the newly installed systems.
Lastly, once all the assessments and testing are completed, the next steps would to implement the right level of threat detection and monitoring that the organization would need. The great thing about this is that the solutions currently on the market are cost effective even for small and medium businesses and can be installed and monitored by your internal IT staff.
When it comes down to it, cyber security is a complex game of never ending continual technological improvement, assessment and remediation. As soon as something is fixed and secured some hacker has now discovered a new vulnerability somewhere else. This can become an expensive game of cat and mouse if the proper preparations are not put into place. Above all else, the first rule in cyber security is understanding that you are at risk.