Know Your Risk

Vulnerability assessments lay the groundwork for effective IT security.Vulnerability assessments lay the groundwork for effective IT security.

risk-web

The threat of a cyber attack has reached near statistical certainty. One recent global survey concluded that 94 percent of businesses fall victim to at least one cyber-security incident every year. In a worldwide threat assessment report to the Senate Armed Services Committee in February, Director of National Intelligence James R. Clapper noted that cyber threats are increasing in frequency, scale and severity of impact.

“In short, the cyber threat cannot be eliminated,” Clapper reported, “rather, cyber risk must be managed.”
Given the growing prevalence and sophistication of spyware, malware, phishing scams, stealth bots, denial-of-service attacks and other cyber security threats, managing risk requires a multilayered approach to security. Atlantic-IT.net is helping customers protect their technology assets with a blend of security services and solutions designed to identify and mitigate threats.

“Although security measures are continually evolving, the number of threats continues to surge every year,” said Krystal Triumph, IT and Telecom Specialist, Atlantic-IT.net. “Today’s networks are handling more applications, more devices, more users and more traffic than ever before, which means there are also more avenues for threats than ever before.
“We believe the first step to improving security in this climate is to gain greater visibility into the type and number of threats you are facing. This enables you to identify issues, prioritize actions and move more quickly to mitigate those risks.”

Gaining Insight

In partnership with Cino Ltd., Atlantic-IT.net offers vulnerability assessments that deliver a detailed look into undetected threats that pose a risk to the network and computer systems. As part of this service, Cino’s experts also help prioritize actions to mitigate risks and gain the peace of mind that critical assets are protected.
“Rather than rushing to get your hands on the best security tools on the market, you need to take stock of your existing security environment,” Triumph said. “An assessment helps you understand the strengths and weaknesses of your security tools and policies, and to identify your most pressing cybersecurity needs.”

Vulnerability assessments involve running internal and external scans on a customer’s network to find known vulnerabilities. Cino uses a variety of tools and techniques to minimize false positives and validate the results. Of course, the real work takes place before and after the scan itself.

“By gathering information about the customer’s IT infrastructure, such as operating systems, applications and databases, Cino’s security experts can tailor the scan to target potential vulnerabilities,” said Triumph. “When the scan is complete, Cino generates a detailed report that includes a definition of the found vulnerabilities, how those vulnerabilities might be exploited and how they might affect the customer’s security posture. The report also includes a plan that shows the customer how to remediate the vulnerabilities.”

Increased Visibility

Penetration tests take a different approach than vulnerability scans. With penetration testing, Cino gives customers the perspective of what a hacker would see and could do to penetrate their network.

“Penetration tests use some of the same processes as vulnerability assessment validation but go much deeper,” Triumph said. “The information gathered from the network is used to launch strategic attacks — the types of attacks hackers would launch based upon their eavesdropping over a period of time.”

Penetration testing is used to determine the effectiveness of the technical, operational and physical controls in place in the organization, as well as the organization’s vulnerability to a particular threat. As such, penetration testing is particularly important for customers facing regulatory compliance audits.

“The penetration testing report is focused on the systems that a hacker might actually be able to penetrate,” said Triumph. “It is often very eye-opening. It helps customers understand their level of exposure and what needs to be done to reduce that exposure.”

Today’s cyberattacks often begin with simple phishing scams to gain access to the corporate network. Once they’ve entered a network, hackers can remain undetected for long periods of time, accessing various systems, downloading and automatically updating malware, and stealing data. Traditional security solutions may be able to stop known attacks, but they can’t stop or even detect this activity until it’s too late.

“While every organization is at risk, there is no one-size-fits-all security solution. Because every IT environment is unique, each organization needs to understand its specific strengths and weaknesses in order to implement the right tools and policies,” Triumph said. “A thorough threat assessment is an important first step in the development of a security plan.”