Comments: No Comments
A shift in the security paradigm needs to address the Unseen attacks in the environment. Detecting the Unseen activities in the environment explains why there are so many attacks being reported on a daily basis. The unseen attacks depend on the ability of the attackers to hide in plain sight. We will outline several of them here to uncover the unseen activities within almost every network.
Figure 1 – Scope of security Testing
The image above describes the current state of Security Tools, Techniques and Practices. While the traditional tools and techniques are all point in time application of practices, we can also classify them as reactionary practices as well. Let’s examine the methods outlined above.
Security Assessments (review of security for a host, a network, software or other asset) are only valid up to the time the report is generated. As soon as the observer generates the report, the Assessment of the environment ends, and it becomes stale. This is a point in time observation.
Today’s Security Tools look for tomorrow’s attacks. Tools that security researchers and network testing teams all use to assess the activities inside the network are based on testing for Known threats, and how the environment will respond to the next attack. These tools test the environment for detecting known threats on potentially new attacks.
The ITS SafeTMsecurity appliance is designed to Detect, Defend against, and Destroy IntrudersTM. While other tools and testing activities look for the future state of security in the organization, the ITS Safe appliance examines all activities to uncover and detect unwanted connections that were completed before you began the observation of environment.
Everyday around the world, new activities are discovered in new and existing equipment, software, and third parties to organizations. Firewalls are breached, Vendors we use are hacked, software we create is breached and app we use on our phones are backdoors for attackers as well.
A comprehensive review of the cyber security digs deeper than reviewing the exposed 10-20% of the network, and actually reviews the active network as a comprehensive ecosystem.
IT Security Solutions recommends at least an annual Security assessment to determine the security posture and formal detection of internal activities.
IT Security Solutions, Inc. is a Pittsburgh based technology company with 25+ years of cyber security domain expertise catering to businesses of all sizes. The solutions offered range from technology security audits and penetration testing to continuous network scanning. The company recently launched ITS Safe™, a proprietary managed security solution that blocks hackers from attacking networks – the largest IT security threat facing businesses today.
As you can see there is much more than meets the eye when it concerns the security within your network. Call IT Security Solutions today, and let us help you protect your organization today!
 Known threats are used in Virus scanners, network scanning, software analysis, and logfile monitoring tools.
 Security Tools cannot test for unknown threats because these events are currently not known.
 Think of this as reviewing the activities that are already active, that are not detected as tomorrow’s threats, because they are considered as part of the current environment.
 The Security Assessment becomes stale because the users in the network add additional threats from their use of the environment.
 Every network we have examined include several of these activities, if not all of them.
This is could also be called, the 5 stages of grief for consumers and business owners.
If you are using a Credit or a Debit card, chances are that you have or know someone that has experienced someone else using their Credit/Debt card. This is an extremely horrible feeling, and border on the feelings of being violated.
So all of the above, and my personal experiences are for what we, the consumers, feel when this occurs. Spin this around for business owners now. There is no one that makes them whole, in fact their clients are all looking for assurances that they are not going to be hacked, and that they are whole.
The problem is that most businesses are NOT getting a Security assessment, to determine what their baseline level of security really is. Without a baseline assessment, how secure are you, really?
The mission of the Risk Avengers podcast is to discuss current cyber security issues, procedures for protecting your business, as well as Compliance requirements for business owners.
Our 10 minute format is designed to make it easy for listeners to get up to date on the current People, Processes and Problems for your Business.
The show is Hosted by Albert Whale, Founder & CEO of IT Security Solutions, and Jim Loeffler, President of InTune Business Advisors.
Join us to discover the road for improved security and protecting your business, be it small or global.
The information discussed on this podcast is presented for informational purposes only. It is not intended as nor does it constitute specific information security or accounting advice and should not be acted upon as such.