10th January, 2023
In today's world, network security needs can be complex; something is always changing, and cybersecurity concerns often prove to be a daily nuisance for businesses.
Combining the two major strategies outlined in this post; vulnerability assessments and pro-active threat hunting will help you identify weaknesses and successfully deep dive into your network to identify if any systems have been compromised and take steps to remove malicious actors who may have slipped past your existing endpoint security.
What is a vulnerability assessment?
A "vulnerability assessment" (also known as a "vulnerability analysis" or "VA") is a procedure for identifying, quantifying, and analysing security flaws in IT infrastructure.
The primary purpose of the VA is to identify any vulnerabilities that might harm the organisation's overall security and operations. Because of this, running VAs can assist you in efficiently reducing the likelihood of threats.
VAs, often used interchangeably with vulnerability analysis, are not the same as penetration tests; with a VA, we are not working towards the goal of compromising a system or exploiting a flaw; rather, the VA finds and measures the severity of a system's weakness, and decisions for effective changes can be made based on this information. When this procedure is established and performed on a regular basis and improvements are deployed swiftly and successfully, a VA can be a highly powerful tool, especially when combined with pro-active threat hunting.
What is a threat hunt?
A "threat hunt" is the pro-active search for cyber threats that could be hiding undetected in a network.
Cyber threat hunting delves deep into your network to uncover stealthy attackers who may have been there for months collecting data or obtaining credentials, allowing them to move laterally through your network and wreak havoc on your organisation.
In most security configurations, once an attacker has penetrated beyond the organisation's primary protections, they are free to do anything they want.
Actively conducting threat hunts is a method of shining a searchlight on your own internal network and catching them in the act.
Why would you combine the two?
Aside from allowing you to fully understand and have an effective idea of what your network looks like to an attacker, the two techniques complement each other very well.
If a VA identifies a newly disclosed vulnerability present on a system, in addition to patching/mitigating the problem, it is extremely important to know whether that system has already been compromised. Back-in-time threat hunts should be carried out across a variety of data sources to identify IoA (Indicators of Attack) and IoC (Indicators of Compromise), network traffic & log data patterns relating to the vulnerability can be used to determine whether those systems have already been compromised.
How can Telesoft help?
Telesoft takes this to the next level by merging the previously mentioned techniques and efficiencies into a well-formed and agile package.
Our SOC and Cyber Security Services are built on 30+ years of industry expertise and supported by our own state of the art cyber products, utilised by Governments and Telecommunications providers worldwide.
Our fully managed Continuous Vulnerability Assessment Service assists you identify, classify, and address security risks and weaknesses. We provide ongoing support and guidance to effectively mitigate identified vulnerabilities across both internal and external, public facing systems.
To establish whether a host has already been compromised, we will conduct back-in-time threat hunts on your behalf based on the strategies, techniques, and procedures involved with exploiting the vulnerability.
Our skilled cyber analysts understand the complexities of safeguarding an organisation's infrastructure against both internal and external threats. They have extensive expertise in conducting vulnerability assessments and collaborating with customers to lower their attack surface and thereby improve their overall security posture.