Intelligent CISO Issue 9 - Page 33

 PREDI C TI VE I NTEL L I GE NC E Compromise assessment: The next step from VAPT In recent years, an increasing number of cybersecurity professionals have started to agree that an organisation falling victim to a threat agent is not a matter of if, but when. This has often made the case that a proactive approach to information security is a need of the hour for organisations of all sizes. Temitope Bakare, Strategic Security Consultant, Help AG, tells us more . . . . W ith cyberattacks increasing in volume and sophistication, a reactive approach to information security is no longer considered sufficient. As a result, in addition to measures such as security controls measurement, baselining, secure system and device configuration, periodic security assessments such as phishing exercises, vulnerability assessments and penetration testing are now regarded as necessary to defend an organisation’s IT infrastructure. By conducting periodic assessments, an organisation can proactively identify vulnerabilities within its environment and provide evidence that these vulnerabilities could be easily exploited. While vulnerability assessment and penetration testing (VAPT) is relatively www.intelligentciso.com | Issue 09 well known, another effective method that has thus far remained relatively unknown is compromise assessment. The security industry is usually littered with buzzwords and one must be careful as newly formulated terms often refer to well-known activities that are merely conducted in different ways. So, given that a VAPT exercise could reveal an entity’s susceptibility to compromise, what would make a compromise assessment different and why does it provide added value? Defining compromise assessment A compromise assessment is an evaluation of the organisation’s network and systems for artefacts of compromise. These could include the communications of a resident malware with a command and control (C2) server, proof of data exfiltration via insecure ports or perhaps through DNS and lateral movement across the network. Compromise assessment provides proof of the previously unidentified footprint of an attacker or of the existence of indicators of compromise (IOCs), whether the attacker has been successful or not and whether an attack is ongoing or dormant. This would usually involve a degree of forensic investigation, as it is important to be able to detect post-breach activity. Analogous to a person trying to protect the valuables in their house, a vulnerability assessment aims to uncover weaknesses such as missing door locks, unlocked doors, weak burglary fences and inattentive security guards. A penetration test involves physically verifying, through force or social engineering, that these weaknesses 33