You’ll be amazed at what gets uncovered by a security threat assessment and the valuable insight that results.
“Wow, we had no idea that was going on in our network!”
After performing numerous threat assessments for a variety of organizations, this is the typical initial response and reaction that we receive once the final report is reviewed.
Why, you ask? Unfortunately, most organizations do not really know exactly what is traversing their networks or what sites and applications are being visited and/or accessed by their users. Given this fact, the results of our assessments typically generate many surprises and eye-opening discoveries.
From a technical perspective, while some monitoring may already be in place, it may not check all traffic. By this I mean encrypted traffic, which typically represents a third to half of an organization’s network traffic. Consequently, the network team can view only one half or at best two-thirds of all network traffic, which leaves a huge opportunity for anyone who wants to infiltrate an environment by merely encrypting data and making it unseen.
From a resource standpoint, many of the organizations that I meet with lack the resources needed to properly view, interpret and respond to potentially threatening traffic and data. In many breaches the existing security technology does identify nefarious traffic; however, it often gets overlooked. If this happens, nefarious traffic is not blocked or removed from the network, thereby increasing the chances for a breach to occur.
Combined with the lack of resources, many times users access applications and/or sites that may contain malicious data, and many technologies do not monitor or track this type of activity. For example, we very often find Peer2Peer applications (such as BitTorrent) running, which not only take up a tremendous amount of bandwidth but also put the organization in a precarious position, since it is unknown whether protected data is being shared. Additionally, Peer2Peer (P2P) applications allow bi-directional exchange of data from systems across the globe. Essentially, it is an open invitation for other P2P users to access content on your network, a scenario typically not welcomed by many organizations.
In conclusion, like all things in life, it really makes sense to perform periodic security health checks via continuous monitoring of your environment because you never know what you’ll find. The bad guys aren’t taking any breaks, which means the good guys can’t either.
AVP Security and Compliance Practice Head