If there is anything more viral these days than ransomware, it is a TikTok challenge. In late November, the ‘Invisible Challenge’, in which people filmed themselves naked but their body was hidden by a filter, became fashionable. Criminals created videos in the app, offering filters to overcome the previous filter and redirecting users to Discord to download them. However, the software users downloaded was not a filter but malware capable of stealing sensitive user information such as Discord accounts, browser passwords and credit cards, or cryptocurrency wallets. If this malware is triggered on an enterprise device, what would happen? If the company has conducted a network security assessment, it can be prepared to contain its impact and successfully resolve the incident.
The above example evidences the innovativeness of malicious actors and their search for new channels to impact companies and users to commit fraudulent actions.
Ransomware attacks continue to grow, phishing techniques are increasingly sophisticated, and critical cyberattacks are also on the rise… The threat context is full of challenges. This is why companies and public administrations must carry out a network security assessment and thus be aware of their vulnerabilities and remediate them to protect their assets and their security information.
This article will analyze the benefits, types and phases of a company’s network security assessment.
1. What should we protect?
Every organization’s network comprises different components: network ports, wireless networks, devices, applications, files, databases, etc.
These assets are crucial to the operation of the company’s network. As a result, a successful attack that manages to exfiltrate customers’ personal information recorded in a database can lead to an economic, reputational and legal crisis that impacts the company’s profits and viability.
Although all the components play a role, not all have the same value for the organization nor the same weight in its processes or business model.
A company whose marketing channel is its marketplace can suffer a major crisis if attackers not only manage to paralyze its operation but also collect the financial information of the customers who buy from it.
For a company that does not sell online, a crash on its website may be a minor problem. However, if its network devices are unusable for 24 hours or if attackers have access to corporate email, it can cause serious problems.
Every company or institution is different. The network security assessment should start from this mantra and be tailored to the organization’s characteristics, needs and resources to be assessed.
It is also essential to remember that a network security assessment protects not only the components of the network but also the company’s customers and users and, with them, the company as a whole.
2. Who should we protect ourselves from?
When they think of cyber-attacks, most companies and users imagine gangs of computer experts hiding behind powerful computers in some corner of the world.
Beyond the stereotype of the hoodie and the penumbra, the truth is that attackers can have multiple origins, ways of operating and targets. And incidents can be caused by multiple factors, both internal and external.
Any network security assessment must take this fact into account.
Thus, it should not only test the strength of a network against external attackers and how security and remediation measures respond when an attack occurs at the network perimeter.
It should also look at the internal weaknesses of the network, as well as the possible carelessness of the people working on it. Sometimes security breaches occur because a user has acted negligently or insecurely. To take the example with which we started the article: an employee using TikTok from his company cell phone, connected to the company’s wireless network and downloading illegitimate software, is not being sufficiently careful.
2.1. Putting the spotlight on suppliers
On the other hand, cybersecurity experts are increasingly emphasizing the need to include those vendors or partners with access to the network in the network security assessment. Why?
A company has conducted a network security assessment and implemented several enhancements to its security controls to fortify it against external and internal attacks. However, one of its vendors has weaker security and has access to its network, so attackers can reach the company through this vendor. The 2017 WannaCry ransomware infection evidences this situation.
3. Objectives of a network security assessment
From everything we have described, we can infer the main objectives of a network security assessment and the reasons that may push companies to undertake it.
Although the list could be longer and more detailed, we will address the six key objectives that justify the need for companies with a greater or lesser presence in the digital world to undertake a network security assessment.
3.1. Detecting weaknesses in the components that make up the network
First, the network security assessment analyzes the components that make up the network for possible vulnerabilities that attackers could exploit.
However, this task is not limited to mere detection, but, taking into account the existing threats, the risks linked to each of the network assets can be established.
A prioritization of the weaknesses identified must also be established. For example, suppose an asset is critical. In that case, it will be more important to remediate a possible vulnerability affecting this asset than to undertake the remediation of five vulnerabilities of another network component that does not have the same importance for the company in terms of business model.
In this regard, it is important to emphasize that it is necessary to remedy those weaknesses that could have higher-level consequences, such as the exfiltration of confidential information or the paralyzation of business-critical processes.
3.2. Checking the effectiveness of security measures
The network security assessment provides valuable information on a company or institution’s vulnerabilities, threats and risks. It also serves to test the effectiveness of security measures already in place.
Preventing attacks from succeeding and causing damage to the network is undoubtedly a matter of having comprehensive and complete security controls, measures, protocols and policies in place.
Using a network security assessment, it is possible to check how they respond to real attacks and evaluate their behavior. The objective, of course, is to be able to introduce the necessary improvements so that when they have to combat a malicious attack, they can do so with maximum efficiency, in the shortest possible time and limiting its impact.
3.3. Measuring the impact of attacks on assets
This last question leads us to another objective of network security assessment: measuring the impact of attacks on network elements and, in particular, on critical assets.
As we shall see in the next section, there are two types of network security assessment. The most advanced and comprehensive consists of running penetration testing services. In this way, the objective we have just stated can be achieved. Professionals simulate real attacks to act as hypothetical attackers. This means the simulated attacks can have a similar impact to the real ones.
In this way, by collecting all the information generated during pentesting, the impact of a possible attack on a high-value asset can be assessed. This will also allow us to prioritize the remediation of vulnerabilities and implement new security measures. This is vital, since companies’ financial, human, technological and time resources for fortifying their network are limited.
3.4. Keeping abreast of new threats and preparing to deal with them
A company may have conducted a network security assessment a few years ago and implemented the necessary measures to address weaknesses and improve its security systems. However, the emergence of new ransomware or the design of a more sophisticated social engineering technique is capable of impacting its network and causing a serious security incident.
This hypothetical case illustrates an issue that we must never lose sight of. In the fast-changing world of cybersecurity, what is secure today may not be secure tomorrow. Criminals are making their attacks more complex and sophisticated and constantly looking for new ways to create security breaches, hybridizing old techniques and developing new methodologies.
Performing a continuous or periodic network security assessment enables companies to adapt their security systems to the new threats emerging in the world and anticipate them so as not to discover their existence by suffering them first-hand.
3.5. Finding solutions to optimize security
Of course, network security assessment is not limited to analyzing vulnerabilities and security systems and studying attackers’ behavior. All these actions result in an enormous amount of information which, once systematized and processed, is vital for proposing a series of recommendations to help overcome the weaknesses found.
In this way, the network security assessment not only serves to find problems or deficiencies but also informs companies of the measures that can be implemented to address them. This is, therefore, a study of great added value.
3.6. Complying with current regulations
Protecting its critical assets is already a strong reason for a company to implement a network security assessment. But, in addition to the dangers it may face if it fails to do so, there is another vitally important motivation: to comply with the regulations in force.
Not only with the GDPR and other data protection regulations but also with European regulations and directives such as the NIS2 directive, which focuses on companies operating in strategic sectors, or the DORA regulation, which regulates the resilience of organizations in the financial sector to attacks.
This regulatory framework establishes requirements for ensuring information security and protecting companies themselves and society as a whole.
Using a network security assessment, it is possible to detect gaps and optimize security measures and policies to comply with current regulations. And avoid not only the consequences at the business level of a possible compromise but also the possible sanctions that the organization could face in case of non-compliance.
4. Types of network security assessment
In addition to the fact that any network security assessment must be tailored to the needs and characteristics of each organization when approaching this type of analysis, a distinction is usually made between two different types. On the one hand, we would have the vulnerability assessment, whose objectives are less ambitious and the scope of the work performed less in-depth. On the other hand, there are penetration testing services, which test, from a more realistic perspective and in greater depth and detail, the possible attacks to which the network, its components and existing security systems are susceptible.
4.1. Vulnerability assessment
This first type of network security assessment is focused on identifying vulnerabilities and gaps in the assets that make up the organization’s network.
Through this study, cybersecurity professionals analyze the internal network and the organization’s perimeter to find weaknesses that attackers could exploit and result in security incidents.
The result of the work is a report compiling vulnerabilities, indicating the areas most exposed to cyber-attacks and proposing a series of recommendations and an action plan to mitigate the weaknesses.
This network security assessment modality can be attractive for companies that do not have a high level of digitization and do not yet dedicate sufficient resources to cybersecurity. It allows them to focus their efforts and resources on protecting those assets that present the most weaknesses or are considered critical for the business and, therefore, must be fully secured.
4.2. Penetration testing services
Pentesting services go beyond the mere search for vulnerabilities. Advanced penetration testing is an offensive security test in which professionals simulate a real cyber-attack using the methodologies of criminals but in a controlled environment.
In this way, weaknesses in the network can be identified. Still, threats can also be executed to study how security controls and measures respond and the impact of a successful attack.
All the information gathered during pentesting is used to map asset vulnerabilities, establish the level of risk of successful exploitation and assess the effectiveness of security systems.
The data is then entered into a pentesting report that lists the techniques used, the scope of work, the vulnerabilities detected and recommendations for remediation and optimization of security protocols and controls.
Let’s look back at the objectives of a network security assessment. Penetration testing services are best suited to meet them since they allow companies to obtain a more complete and in-depth overview of their security systems and of the securing of their critical assets.
5. Phases of an advanced network security assessment
The network security assessment involves, as we have already noted, an in-depth analysis of the cybersecurity of a company or institution. This implies that such a task is of strategic value to companies and should be approached in collaboration. In addition, cybersecurity is an issue that should be part of a company’s strategy; therefore, business objectives and internal processes must be considered when designing and implementing a network security assessment.
Based on this mantra, we will address the different phases of a network security assessment.
5.1. Drawing up an inventory of the assets that make up the technological infrastructure
How do you start a network security assessment? By drawing up an inventory of all the assets that make up the technological infrastructure.
Based on this information, you can go on to design a network security assessment that is adapted to the elements of the network and the characteristics of the company.
5.2. Identify critical assets and processes according to the business model
Ideally, it would be possible to study all network elements; however, not all companies have the same resources or priorities.
Therefore, when inventorying the elements that make up the network, some organizations will include all their assets susceptible to attack. Others will limit themselves to the most relevant ones, those whose vulnerability could result in extremely serious security incidents, and to areas where regulations require security testing and assessment.
These critical assets and processes will be analyzed, thanks to the work of the pentesters, to discover any vulnerability that malicious actors could use to enter the corporate network.
5.3. Analysis of assets and their vulnerabilities
Simulating the behavior of real criminals, using their techniques and tactics, makes it possible to measure the level of protection and risk of each of the organization’s assets.
In this way, a deep understanding of the various vulnerabilities can be achieved, which will help design the best measures to address them and prioritize them.
Through pentesting services, a company subdomain may be found to have multiple vulnerabilities. However, the risk level of these vulnerabilities is low, and the potential attack on this subdomain would not open the door to lateral movement of attackers throughout the network, nor would it impact business continuity or information protection.
On the other hand, the company’s customer database only registers one vulnerability. But if exploited, it could allow attackers to access thousands of customers’ financial and personal data. The economic, reputational and legal impact could be devastating.
It should be noted that pentesting services do not limit themselves to analyzing the network but also consider multiple threats to carry out attack simulations. Thus, a relationship is established between assets, vulnerabilities and threats.
This triangulation yields the level of risk derived from a threat successfully exploiting a vulnerability to attack an asset.
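The prioritization described in section 3.1 and the asset/vulnerability/threat triangulation above can be made concrete with a small scoring script. The following is an added example, not code or a methodology from the article or from Tarlogic: it assumes a simple multiplicative model (asset criticality × vulnerability severity × threat likelihood, with multipliers for findings that enable lateral movement or expose data), and every asset, finding and score in it is constructed sample data that mirrors the subdomain-versus-customer-database scenario in the text.

```python
"""Risk-based prioritization of network security assessment findings.

Added example (not the article's or Tarlogic's own method). The scoring
model and all asset/finding data below are constructed for illustration.
"""
from dataclasses import dataclass

# Business criticality of each asset, 1 (low) to 5 (critical). Constructed values.
ASSETS = {
    "marketing-subdomain": {"criticality": 1},
    "customer-db": {"criticality": 5},
    "corporate-mail": {"criticality": 4},
}


@dataclass
class Finding:
    asset: str
    title: str
    severity: float                 # CVSS-like base score, 0.0 to 10.0
    likelihood: float               # chance a relevant threat exploits it, 0.0 to 1.0
    enables_lateral_movement: bool = False
    exposes_data: bool = False


def risk_score(finding, assets=ASSETS):
    """Risk = criticality x severity x likelihood, amplified for findings that
    give attackers a foothold across the network or leak protected data."""
    criticality = assets[finding.asset]["criticality"]
    score = criticality * finding.severity * finding.likelihood
    if finding.enables_lateral_movement:
        score *= 1.5
    if finding.exposes_data:
        score *= 1.5
    return round(score, 2)


def prioritize(findings, assets=ASSETS):
    """Findings ordered from highest to lowest risk: the remediation queue."""
    return sorted(findings, key=lambda f: risk_score(f, assets), reverse=True)


def aggregate_by_asset(findings, assets=ASSETS):
    """Total risk carried by each asset, highest first. This is what shows that
    one serious finding on a critical asset outweighs many minor ones elsewhere."""
    totals = {}
    for f in findings:
        totals[f.asset] = totals.get(f.asset, 0.0) + risk_score(f, assets)
    return dict(sorted(totals.items(), key=lambda kv: kv[1], reverse=True))


# Constructed sample findings: four low-risk issues on a subdomain, one
# data-exposing flaw on the customer database, one weak control on mail.
FINDINGS = [
    Finding("marketing-subdomain", "Outdated TLS configuration", 3.7, 0.5),
    Finding("marketing-subdomain", "Verbose server banner", 2.0, 0.7),
    Finding("marketing-subdomain", "Missing security headers", 3.1, 0.5),
    Finding("marketing-subdomain", "Reflected XSS on contact form", 4.3, 0.6),
    Finding("customer-db", "Injection flaw exposing customer records", 9.1, 0.4,
            exposes_data=True),
    Finding("corporate-mail", "Weak password policy without MFA", 6.5, 0.6,
            enables_lateral_movement=True),
]


if __name__ == "__main__":
    print("Remediation queue:")
    for f in prioritize(FINDINGS):
        print(f"  {risk_score(f):6.2f}  {f.asset:20s} {f.title}")
    print("Risk per asset:")
    for asset, total in aggregate_by_asset(FINDINGS).items():
        print(f"  {total:6.2f}  {asset}")
```

Run as a script, it prints the remediation queue and the per-asset totals. The subdomain accumulates four findings but only a small share of the total risk, while the single finding on the customer database tops the queue, which is the prioritization argument the article makes. The weights and multipliers are the part an organization should tune to its own business model; the structure (score per finding, then roll up per asset) stays the same.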
5.4. Testing of security controls, measures and protocols
If pentesting is used to perform a network security assessment, not only is a detailed study of the vulnerabilities of network elements obtained but also their protection measures can be tested.
The defense of assets involves correcting vulnerabilities and optimizing security protocols, mechanisms, techniques and policies for detecting and combating cyberattacks, as well as mitigating their effects and enabling business continuity and post-incident recovery.
By simulating real attacks, it is possible to verify reliably how security systems respond to incidents, gather information about them and be able to design measures to improve the organization’s detection, response, resilience and recovery capacity.
5.5. List of vulnerabilities and recommendations for remedying them
Any network security assessment of a company or public administration aims to identify all existing weaknesses and propose measures to remedy them.
The huge amount of information obtained during the execution of a pentesting is systematized and analyzed by professionals and transformed into a report of great added value for the organization.
It reflects the problems encountered and the actions to be taken and establishes a series of recommendations to solve the weaknesses. In this way, the organization has all the data on the vulnerabilities to be corrected and the effectiveness of the current security measures.
From there, depending on the company’s priorities and business strategy, the recommendations can be implemented and the network secured against attacks.
Does the network security assessment end here? No.
5.6. Continuous network monitoring
Suppose a company hires the pentesting services of a company specializing in cybersecurity, such as Tarlogic Security. In that case, it will obtain all the information detailed throughout this article on the level of protection of its network and the assets that make it up.
But one caveat must be added: a pentesting job shows the state of the corporate infrastructure at the time the work is performed.
Cybersecurity is a particularly fluid and constantly changing industry. New technologies are continually being developed. As a result, an organization’s infrastructure is growing and becoming increasingly extensive, and so is its exposure to potential attacks. Criminals are aware of this and are always trying to take advantage of this situation and innovating their methods and tactics.
It is, therefore, essential for companies to continuously monitor their network. In this way, they will achieve two vitally important goals:
- Analyze the implementation of recommendations. A follow-up network security assessment can check whether the specialists’ recommendations have been implemented correctly or only incompletely. It is, therefore, of great importance to follow up on the measures taken after the network security assessment.
- Adapt security systems to new threats. By monitoring the network continuously or recurringly, it is possible to detect whether a new threat can exploit a vulnerability or a security breach, calling into question the integrity of the network and, therefore, of the company itself.
6. Network Security Assessment: a strategic investment
The constant cases of cyber-attacks that we can find in the media, the appearance of techniques and malware that are increasingly complex and difficult to detect and combat, the implementation of more demanding regulations, such as the DORA regulation approved at the end of November by the EU… All these issues tell us the same thing: companies, public administrations, and citizens must take cybersecurity seriously.
Moreover, in the case of companies, cybersecurity must be addressed as a central element of business strategy, on the same level as business strategy, economic planning or the development of the goods or services they sell.
Implementing a network security assessment can be a strategic investment that not only serves to comply with the law but also helps to secure a company’s assets and processes and protect against criminals, their fraudulent actions and the pernicious consequences of security incidents.
Awareness of one’s vulnerabilities, the enemies’ methods and the efficiency of defense measures are crucial to remedy the first, combat the second and improve the third. At stake is the security of customers and employees… and the business model itself.
More articles in this series about Security Assessment
- The 5 keys to a security risk assessment
- Global security assessment: Knowing the weaknesses to address them
- Network Security Assessment: Protecting assets, preparing for attacks