PREDICTIVE INTELLIGENCE
Compromise assessment: The next step from VAPT
In recent years, an increasing number of
cybersecurity professionals have started to agree that
an organisation falling victim to a threat agent is not a
matter of if, but when. This has often made the case that a
proactive approach to information security is a need of the
hour for organisations of all sizes. Temitope Bakare, Strategic
Security Consultant, Help AG, tells us more...
With cyberattacks
increasing in
volume and
sophistication, a
reactive approach
to information
security is no
longer considered sufficient. As a result,
in addition to measures such as security
controls measurement, baselining,
secure system and device configuration,
periodic security assessments such
as phishing exercises, vulnerability
assessments and penetration testing are
now regarded as necessary to defend
an organisation’s IT infrastructure. By
conducting periodic assessments, an
organisation can proactively identify
vulnerabilities within its environment
and provide evidence that these
vulnerabilities could be easily exploited.
While vulnerability assessment and
penetration testing (VAPT) is relatively
well known, another effective method
that has thus far remained relatively
unknown is compromise assessment.
The security industry is usually littered
with buzzwords and one must be careful
as newly formulated terms often refer
to well-known activities that are merely
conducted in different ways.
www.intelligentciso.com | Issue 09
So, given that a VAPT exercise could
reveal an entity’s susceptibility to
compromise, what would make a
compromise assessment different and
why does it provide added value?
Defining compromise assessment
A compromise assessment is an
evaluation of the organisation’s
network and systems for artefacts of
compromise. These could include the
communications of resident malware
with a command and control (C2) server,
proof of data exfiltration via insecure
ports or perhaps through DNS, and
lateral movement across the network.
Compromise assessment provides
proof of the previously unidentified
footprint of an attacker or of the
existence of indicators of compromise
(IOCs), whether the attacker has been
successful or not and whether an attack
is ongoing or dormant. This would
usually involve a degree of forensic
investigation, as it is important to be able
to detect post-breach activity.
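One of the artefacts named above, data exfiltration through DNS, can be hunted for in resolver logs. The sketch below is an added example, not part of the original article; the function names, thresholds and sample queries are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample of (client_ip, queried_name) pairs, not real traffic.
SAMPLE_QUERIES = [("10.0.0.5", "www.example.com"), ("10.0.0.5", "mail.example.com")] + [
    ("10.0.0.9", chunk + ".t.example.org")
    for chunk in ("4a6f686e20446f6520313233", "2d34352d36373839204a616e",
                  "6520526f65203938372d3635", "2d34333231204163636f756e",
                  "74204e756d62657220303031")
]

def entropy(s):
    """Shannon entropy in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def registered_domain(name):
    # Assumption: the last two labels approximate the registered domain;
    # a real hunt would consult the Public Suffix List instead.
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def hunt_dns_exfil(queries, min_unique=5, min_len=20, min_entropy=3.0):
    """Flag (client, domain) pairs with many long, random-looking subdomains."""
    subs = defaultdict(set)
    for client, name in queries:
        domain = registered_domain(name)
        sub = name.rstrip(".").lower()[: -len(domain)].rstrip(".")
        if sub:
            subs[(client, domain)].add(sub)
    findings = {}
    for key, labels in subs.items():
        avg_len = sum(map(len, labels)) / len(labels)
        avg_ent = sum(map(entropy, labels)) / len(labels)
        # Thresholds are illustrative assumptions and need tuning per network.
        if len(labels) >= min_unique and avg_len >= min_len and avg_ent >= min_entropy:
            findings[key] = {"unique": len(labels), "avg_len": round(avg_len, 1)}
    return findings

if __name__ == "__main__":
    for (client, domain), stats in hunt_dns_exfil(SAMPLE_QUERIES).items():
        print(client, domain, stats)
```

A hit from a check like this is a lead for forensic follow-up on the flagged host, not proof of compromise on its own.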
To use the analogy of a person trying to
protect the valuables in their house, a
vulnerability assessment aims to uncover
weaknesses such as missing door locks,
unlocked doors, weak burglary fences
and inattentive security guards.
A penetration test involves physically
verifying, through force or social
engineering, that these weaknesses