GETTING THE BEST VALUE OUT OF SECURITY ASSESSMENTS

Security Advisor Middle East|September 2020

SANS CERTIFIED INSTRUCTOR AND CTO, INFIGO IS, DISCUSSES HOW ORGANISATIONS CAN CHOOSE THE RIGHT SECURITY ASSESSMENTS TO MAXIMISE THEIR SECURITY INVESTMENTS.

- BOJAN ZDRNJA

GETTING THE BEST VALUE OUT OF SECURITY ASSESSMENTS

There are many aspects to managing vulnerabilities in today’s complex IT environments. Performing security assessments is a popular way of identifying existing vulnerabilities, which then allows for proper mitigation. In this article we look at the differences between vulnerability scanning, penetration testing and red teaming, three security assessments that are popular, but that should be performed with care, in order to achieve best results.

Deciding which security assessment to perform depends a lot on an organization’s security maturity level, and the best results will be achieved by performing them exactly in the order listed – let’s see why.

Vulnerability scanning (assessments) is something that every organisation should be doing on a regular basis. This is the first, and the most basic activity in managing vulnerabilities: the goal of a vulnerability scanner is to find lowhanging fruit and known vulnerabilities or misconfigurations. Vulnerability scanners will do a great job of enumerating installed patches, finding default accounts and misconfigurations. Modern scanners can also authenticate against target systems (log in), which will allow them to list installed patches and correlate such information with actively obtained data from a scan, thereby reducing false positive reports.

It is recommended that vulnerability scanning is performed regularly in every organisation, preferably with internal tools. The most popular network vulnerability scanners are Rapid7 Nexpose, Tenable Nessus and Qualys. Just keep in mind that these should be used for network scanning, while other, more specialized tools exist for application-level scanning (i.e. for web applications).

This story is from the September 2020 edition of Security Advisor Middle East.

Start your 7-day Magzter GOLD free trial to access thousands of curated premium stories, and 8,500+ magazines and newspapers.

Already a subscriber ? Sign In

This story is from the September 2020 edition of Security Advisor Middle East.

Start your 7-day Magzter GOLD free trial to access thousands of curated premium stories, and 8,500+ magazines and newspapers.

Already a subscriber? Sign In

MORE STORIES FROM SECURITY ADVISOR MIDDLE EASTView All

Security Advisor Middle East

KASPERSKY SHEDS LIGHT ON THE RANSOMWARE ECOSYSTEM

Ransomware is on the tip of everyone’s tongue every time businesses discuss cyber threats they are likely to face in 2021.

3 mins |

May 2021

Security Advisor Middle East

GAJSHIELD: ENABLING CONTEXTUAL VISIBILITY FOR OPTIMUM DATA PROTECTION

HARRISON ALBERT, REGIONAL DIRECTOR, D-LINK MIDDLE EAST AND AFRICA, TELLS SECURITY ADVISOR MIDDLE EAST HOW GAJSHIELD’S CONTEXT-BASED APPROACH TO SECURITY HELPS ORGANISATIONS FIND ANOMALIES, REDUCE FALSE ALARM AND PREVENT INTENTIONAL & UNINTENTIONAL DATA EXPLOITATION.

3 mins |

May 2021

Security Advisor Middle East

THALES ANNOUNCES NEW SOLUTIONS TO HELP OGANISATIONS DISCOVER, PROTECT AND CONTROL SENSITIVE DATA IN MULTICLOUD ENVIRONMENTS

THALES HAS ANNOUNCED NEW DATA PROTECTION SOLUTIONS FOR GOOGLE CLOUD, MICROSOFT AZURE, AND AMAZON WEB SERVICES, SOLIDIFYING ITS ROLE AS A TRUSTED THIRD PARTY FOR MULTI-CLOUD DATA SECURITY.

3 mins |

May 2021

Security Advisor Middle East

RANSOMWARE RECOVERY COST FOR UAE IN 2021 IS $517,961: SOPHOS SURVEY

THE SURVEY POLLED 5,400 IT DECISION MAKERS IN MID-SIZED ORGANISATIONS IN 30 COUNTRIES ACROSS EUROPE, THE AMERICAS, ASIA-PACIFIC & CENTRAL ASIA, THE MIDDLE EAST, AND AFRICA.

5 mins |

May 2021

Security Advisor Middle East

OVERCOMING THE CYBER-PANDEMIC

ABHIJIT MAHADIK, DIRECTOR, CYBERSECURITY & INFRASTRUCTURE – UAE & KSA, RAQMIYAT SPEAKS TO SAME ABOUT THE EVOLVING CYBERSECURITY LANDSCAPE, THE THREATS ORGANISATIONS NEED TO WATCH OUT FOR AND HOW THE SECURITY PRIORITIES OF ORGANISATIONS HAVE SHIFTED SINCE THE PANDEMIC LAST YEAR.

4 mins |

May 2021

Security Advisor Middle East

FORTINET: MAKING A MARK @ GISEC

ALAIN PENEL, REGIONAL VICE-PRESIDENT, MIDDLE EAST & PAKISTAN AT FORTINET, EXPLAINS WHAT IT MEANS TO BE A PART OF GISEC THIS YEAR AND HOW FORTINET’S CUTTING-EDGE SOLUTIONS CONTINUE TO PROVIDE MAXIMUM PROTECTION AGAINST CYBERTHREATS AND ATTACKS.

4 mins |

May 2021

Security Advisor Middle East

ANATOMY OF AN OT ATTACK

MAHER JADALLAH, SENIOR DIRECTOR - MIDDLE EAST & NORTH AFRICA AT TENABLE, DISCUSSES HOW, INSTEAD OF DEFENDING AGAINST AN ATTACK IN PROGRESS, A MORE SUSTAINABLE APPROACH WOULD BE ONE OF PREVENTION – OF ORGANISATIONS DOING A BETTER JOB OF UNDERSTANDING THEIR SYSTEMS, WHERE AND HOW THOSE SYSTEMS MAY BE EXPOSED, AND PRIORITISING THE THINGS THEY NEED TO PROTECT THESE SYSTEMS.

7 mins |

May 2021

Security Advisor Middle East

MICRO FOCUS: OFFERING DRAMA-FREE IT WITH OPTIC

TOUFIC DERBASS, MANAGING DIRECTOR MICRO FOCUS MIDDLE EAST & AFRICA, DISCUSSES HOW THE LATEST IT PLATFORM FROM MICRO FOCUS OFFERS UNIFIED INTERFACE AND & EXPANDED INTEGRATION CAPABILITIES.

2 mins |

May 2021

Security Advisor Middle East

COPING WITH THE NEW NORMAL

HUSNI HAMMOUD, MANAGING DIRECTOR - ESET ME, BARRACUDA NETWORKS, IVANTI (PART OF MIDIS GROUP), TELLS SECURITY ADVISOR HOW THE CHALLENGES OF THE LAST ONE YEAR HAVE CHANGED THE BUSINESS LANDSCAPE AND HOW ORGANISATIONS ARE NAVIGATING NEW TRENDS.

3 mins |

May 2021

Security Advisor Middle East

AN IN-DEPTH DEFENCE STRATEGY

WERNO GEVERS, REGIONAL MANAGER, MIMECAST MIDDLE EAST, DISCUSSES HOW WHEN IT COMES TO EMAIL SECURITY, IT IS NECESSARY FOR SECURITY PROFESSIONALS TO EVOLVE FROM A PERIMETER-BASED DISCIPLINE TO A MORE PERVASIVE ONE.

4 mins |

May 2021