Working Together to Provide Comprehensive Cybersecurity
Protecting Your Organization from Cybercrime
You already know that you need to be proactive regarding cybersecurity to protect your organization’s information and your resources. In 2020 cybercrime cost organizations an average of $4.35 million, and it took 277 days to find and contain the attack. But what’s the best way to mitigate against your organization falling prey to an attack? There are a number of different types of cybersecurity tools available with more being announced seemingly every day. VC funding for cybersecurity startups reached a record high of $29.5 billion in 2021 and there have been 300+ new startups every year. With this assortment of tools at your disposal, which ones should you deploy?
One way to proceed is to select tools that complement each other. For example, deploying pentesting for breadth of vulnerability test coverage works hand in hand with red teaming for more targeted testing of specific assets or problem areas. Another complementary pairing is pentesting with asset discovery and management. In this article, we’ll take a look at how penetration testing can use the information from asset discovery and management tools to make sure you are testing everything you need to test and provide you with comprehensive cybersecurity protection.
Asset Discovery and Management
Pentesting will provide you with actionable knowledge of how a cyber attacker can hack into your organization and what damage that attack can cause. But before diving into pentesting it’s important to have a picture of your organization’s external attack surface and an assessment of its known vulnerabilities.
Determining Potential Attack Points with External Attack Surface Management (EASM)
EASM is at the forefront of Gartner’s Top Security and Risk Management Trends for 2022. Broadly defined EASM is the process of identifying, inventorying and assessing your organization’s IT assets including all external-facing internet assets and systems. And with the increasing use of cloud resources, your attack surface is expanding rapidly. Forty-three percent of IT and business leaders state that the attack surface is spiraling out of control, and nearly three-quarters are concerned with the size of their digital attack surface. Having a good EASM process will provide your pentesters with a map of where all of your assets are, whether they are internal or external, so they can better determine how to mount as all-inclusive a test as possible.
Identifying and Managing Your Vulnerabilities
A vulnerability scan can identify gaps in your security controls and find security loopholes in your software infrastructure. These scans are optimized for breadth and completeness of coverage with the goal of ensuring that no vulnerabilities are missed. A vulnerability assessment will check for security issues such as misconfigurations, unchecked or incorrect privileges, excessive services and missing operating system updates. You can then prioritize the exposed vulnerabilities according to how likely they are to be exploited in your organization and how much damage can be caused by a hacker exploiting them.
Putting It All Together
EASM, vulnerability management and penetration tests complement each other but have different goals. The first step in determining your organization’s vulnerability to cyberattack is to do an EASM study. EASM results helps you see what all of your potential attack points are. It’s not uncommon for an EASM study to expose assets and points of potential attack an organization didn’t even know they had.
Using the EASM results you can perform a vulnerability assessment to expose any known vulnerabilities associated with those assets. The vulnerability scan and prioritization will tell you what your known vulnerabilities are. Usually these vulnerabilities are already known to the security community, hackers, and software vendors. These scans normally don’t uncover unknown vulnerabilities.
With an EASM and vulnerability results in hand you can then perform a penetration test. Where vulnerability scans are optimized for depth and completeness, penetration tests are optimized for depth and thoroughness. Pentests will search for all potential attack points and actively exploit all detected known and as yet unknown vulnerabilities to determine if unauthorized access or malicious activity is possible. Then a good pentesting operation will prioritize its results and assist in remediation or mitigation of detected problems.
Using these three cybersecurity tools and processes will help you answer these important questions:
- What do we have that might be attacked? (EASM)
- Could an attack happen on things we own and how likely is it that something will happen to us? (Vulnerability Assessment and Management)
- What can happen if an attacker gets into our system? (Pentesting)