Are you having trouble remediating your penetration test findings? It might be time to get some help from TrustedSec.
After TrustedSec consultants complete security assessments, clients will often ask us to re-test the specific findings from the last test. But in many instances, those same problems exist—sometimes they are exactly the same, but other times, they manifest as different symptoms of the same challenge. Here are a few quick tips to avoid testing the same vulnerabilities over and over.
Ask Questions…It’s Free!
At TrustedSec, we are always willing to hop on a phone call, answer any questions, or offer advice. Security has gotten very complicated and no one person knows everything about security and compliance—it’s simply too much. Thus, it can be tremendously helpful to run an idea or issue past someone who has been there or helped others with the same situation. Sometimes a little nugget of information can really save you.
Look at ‘Blue Team’ or Program Improvement Services
While most frameworks and regulations emphasize testing and auditing the environment for failings, they typically don’t assist with improving the processes, procedures, and effectiveness of technologies to enable a better program. Over the last several years, we have seen several companies address issues in greater depth to leapfrog advancement in tactical areas, including:
- Defensive Countermeasures Guidance—This Blue Team Guidance analyzes penetration test results and makes appropriate recommendations to improve the Security Information and Event Management (SIEM).
- Attack Path Effectiveness Review—Using the MITRE ATT&CK™ framework, this review helps to determine tool coverage and gaps in the defense, shows where there is tool overlap for potential budget savings, and provides insight on resource constraints. Everything is then compiled in a heatmap that can be delivered to executives.
- SIEM Ingestion Review—An ingestion review focuses the SIEM on the most common event IDs while also identifying logs that provide little to no value for detecting Indicators of Compromise (IoCs).
- Baseline Configuration Review—It’s common for internal systems and cloud platforms to have a tremendous number of options and services that aren’t configured correctly or aren’t being used properly. A baseline review can help build best practices and ensure consistency across various systems.
- Advisory Support—Advisory Services provides security and compliance advice for specific areas of the program where there have been struggles or a lack of expertise in the organization. Sometimes, just a point in the right direction can save weeks of effort and thousands of dollars of investment.
- Policy Development—While policy development isn’t normally associated with penetration test findings, there are areas where policies provide direction and accountability to employees and other stakeholders.
Get Some Remediation Support
Addressing the findings from penetration tests or other assessments often appears to require straightforward changes. However, there can be underlying issues that prevent the change from taking place, or there can be unexpected consequences of making the change. TrustedSec’s experience helps these remediation items get resolved effectively and efficiently. Leverage our team as a force multiplier to help implement multi-factor authentication (MFA), appropriately harden systems, and correctly use the security features in Office 365.
With the right help at the right time, you can fast forward your program and secure at least part of the environment to reduce security gaps. Most remediation engagements take between one and three weeks and do not have to kill your budget.
Seek Feedback and Answers From Peers
TrustedSec recently rolled out a forum on Slack that covers many different topics—red teams, tool-talk, incident response, governance, risk, and compliance (GRC), and even some off-topic areas if you need a diversion. Further, we host ask me anything (AMA) sessions periodically for immediate feedback and discussion. Not only are TrustedSec experts available, but other infosec folks from various organizations contribute their own tips and tricks. The tremendous outpouring of knowledge and active participation have resulted in an informative back-and-forth of ideas and solutions.
There is so much to security and compliance that there is no way one person can know it all. And with all of the news of breaches, it can seem like you’ll never get ahead of it. Having an extension of your team can truly make a difference.
With the vast array of tools, exploits, and external challenges out there, getting help with security and compliance is more important than ever. We’re all in this together, so take a first step today! The folks at TrustedSec are here to assist in any way we can.