How to strengthen your cyber resilience with a compromise assessment

In 2022 alone, the German Federal Office for Information Security (BSI) recorded around 116 million new malware variants, 15 million reports of malware infections on German systems and a marked professionalization of cyberattacks. 40 percent of security breaches had a significant impact on business operations (BSI report on the state of IT security in Germany 2022). IT security experts see this development as a growing challenge for cyber security.

How can companies achieve and maintain effective cybersecurity under these conditions? In this article, our author shows how a Compromise Assessment can usefully extend traditional IT security tools and thus help companies to achieve robust cyber resilience.

The prerequisite for cyber resilience in companies

Cyber resilience refers to the ability of an organization to understand threat scenarios, assess them correctly and be prepared for the worst case. One of the most important tasks of IT security managers in this context is to find ways to quickly identify a potential compromise, deal with it appropriately and minimize its impact. The idea that cyberattacks on organizations can always be prevented has not been realistic for some time now: experience shows that there is no such thing as 100% security. The further digitalization progresses, the larger the attack surface available to cyber criminals and hostile state actors.

It is therefore not just a matter of preventing cyberattacks, but above all of recognizing them quickly and responding immediately with appropriate measures when they do occur. To be able to respond as quickly as possible, companies should invest in proactive IT security measures and, in particular, in measures that detect attacks that are already underway. Building and expanding these targeted measures is essential to strengthen resistance to cyberattacks. After all, operational downtime, the theft of sensitive data and the resulting reputational damage can, in the worst case, threaten a company’s very existence.

The weaknesses of traditional protection measures: Vulnerability management and penetration testing

Traditional measures such as vulnerability management and penetration tests are still widely used in companies to increase IT security. But what do these measures actually contribute to the rapid detection of and response to attacks?

Vulnerability management

An automated vulnerability management solution is implemented in order to identify and deal with existing vulnerabilities. The tool scans the attack surface, identifies known IT vulnerabilities and reports them. Each identified vulnerability is assigned a severity level (e.g. low, medium, high, critical), typically derived from a CVSS score, and is passed to the analyst team together with recommendations for remediation. Vulnerability management therefore comprises not only the identification and assessment of vulnerabilities, but also their successful elimination.

The penetration test

A penetration test is a targeted, individually conducted IT security check. It is used to determine the extent to which a company’s IT or information security is at risk from external or internal attackers and whether the IT security measures already in place offer sufficient protection. In contrast to a vulnerability scanner, a penetration tester can verify a discovered vulnerability by using additional tools, modules or an exploit. Furthermore, the tester is not limited to a single vulnerability database: the manual approach also makes it possible to identify further weaknesses “behind” the exploited vulnerability, for example a privilege escalation or lateral movement path that only becomes visible once the first system has been compromised.

What is missing in the use of vulnerability management and penetration testing

To summarize, vulnerability management helps to identify weaknesses and the penetration test shows whether they could also be exploited. Both are forward-looking and point-in-time: neither answers the question of whether a vulnerability has already been exploited. Wouldn’t it be at least as important for a company’s cyber resilience to check systems permanently, or at least periodically, for exactly that?

Or to put it another way: wouldn’t it be extremely important to know whether systems in the company have already been compromised and are therefore in the hands of attackers? This is exactly where a Compromise Assessment comes in!

Compromise assessment as a supplement to traditional protective measures

The measures mentioned above should be supplemented by a further component: the Compromise Assessment.

A Compromise Assessment uses forensic methods and tools: an agent on the end system searches with forensic thoroughness for traces of attacks, so-called Indicators of Compromise (IoC), and transmits the results to a central system. For example, volatile data (running processes, network connections, memory) and non-volatile data (file system, registry, event logs), configurations, logins, user interactions and software that has been installed, executed or downloaded are examined. The indicators of compromise are based on forensic artifacts that an attacker almost inevitably leaves behind: individual traces such as log entries can be deleted, but removing every artifact of persistence, execution and communication is rarely achieved in practice. By analyzing and evaluating these indicators, compromised systems can be identified, the underlying vulnerabilities can be discovered and clear recommendations for eliminating them can be derived. A Compromise Assessment does not look at a single system only, but at the entire infrastructure of a company, and because it evaluates stored artifacts it also allows a look into the past.

It is a resource-efficient and accurate method for reliably detecting attacks, which are often successful despite preventive measures, and for limiting the resulting damage. Experience shows that the security level, and therefore cyber resilience, can be increased considerably with a Compromise Assessment: studies by various companies and institutes show that it usually takes several months before an attack is even detected. During that time the attacker can work undisturbed towards their actual target, and the potential damage grows with every day they remain undetected. With a Compromise Assessment, the time to detect a successful attack can be reduced to a few days in the best case.

Vulnerability management, penetration testing and compromise assessment as a trio for robust cyber resilience

As discussed above, vulnerability management helps to identify and eliminate weaknesses. Regular penetration tests carried out by experienced pentesters show whether these vulnerabilities can actually be exploited. The most reliable way of knowing whether vulnerabilities have already been exploited or systems in your company have been compromised is a Compromise Assessment. A Continuous Compromise Assessment goes one step further: here, the system landscape is subjected to a continuous, proactive review in order to achieve and maintain sustainable cyber resilience.

As part of a Continuous Compromise Assessment, an initial scan including evaluation is carried out at the beginning to obtain a baseline assessment of the overall situation. This investigation is quite complex, as millions of forensic artifacts may need to be examined. Subsequently, further scans and evaluations are carried out on a regular basis, in which only the changes since the previous scan in those artifacts that betray an attacker need to be analyzed. This is significantly easier and therefore much faster.
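To make the two ideas from the preceding paragraphs concrete (the agent's artifact collection and IoC matching on the one hand, the baseline-plus-delta approach of a Continuous Compromise Assessment on the other), here is a small added example in Python. It is not SECUINFRA's tooling or code from this article: the artifact records, the IoC values and the host name are constructed for the demonstration, and the file hash and remote address used as indicators are placeholders, not real threat intelligence. The baseline scan is fingerprinted once; the follow-up scan is diffed against it, and only the new or changed artifacts are assessed.

```python
"""Toy model of a compromise-assessment scan: collect host artifacts, match them
against IoCs and simple attacker-trace heuristics, then diff a later scan against
the baseline so that only changed artifacts need analyst attention.
All data below is constructed for the example."""
import hashlib
from dataclasses import dataclass

# Constructed IoC set. In a real assessment these come from threat-intelligence
# feeds and the analyst team; the values here are placeholders, not real indicators.
IOC_HASHES = {"9f2c1a0b3d4e5f60718293a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2b3c4"}
IOC_REMOTE_ADDRS = {"203.0.113.45:443"}  # TEST-NET-3 address, not a real C2 server
# Persistence entries that run from user-writable locations are a classic attacker trace.
USER_WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass(frozen=True)
class Artifact:
    host: str
    kind: str   # "autorun", "task", "file", "netconn", "logon"
    key: str    # stable identifier: registry value, task name, path, remote addr, account
    value: str  # what an analyst inspects: command line, hash, connection details

    @property
    def ident(self) -> str:
        return f"{self.host}|{self.kind}|{self.key}"


def fingerprint(artifacts):
    """Collapse a scan into {artifact id: digest of its value}. Only digests are
    compared on later runs, so a changed value shows up without re-reading everything."""
    return {a.ident: hashlib.sha256(a.value.encode()).hexdigest() for a in artifacts}


def diff_scans(baseline_fp, current_fp):
    """Return (added, removed, changed) artifact ids between two fingerprinted scans."""
    added = sorted(set(current_fp) - set(baseline_fp))
    removed = sorted(set(baseline_fp) - set(current_fp))
    changed = sorted(k for k in baseline_fp.keys() & current_fp.keys()
                     if baseline_fp[k] != current_fp[k])
    return added, removed, changed


def assess(artifacts):
    """Match artifacts against IoCs and heuristics; returns [(artifact, reason), ...]."""
    findings = []
    for a in artifacts:
        if a.kind == "file" and a.value.lower() in IOC_HASHES:
            findings.append((a, "file hash matches IoC"))
        elif a.kind == "netconn" and a.key in IOC_REMOTE_ADDRS:
            findings.append((a, "connection to known-bad address"))
        elif a.kind in ("autorun", "task") and any(h in a.value.lower() for h in USER_WRITABLE_HINTS):
            findings.append((a, "persistence entry runs from a user-writable directory"))
    return findings


def continuous_assessment(baseline, current):
    """Follow-up run: only artifacts that are new or changed since the baseline are
    handed to assess(), not the whole artifact population."""
    added, removed, changed = diff_scans(fingerprint(baseline), fingerprint(current))
    by_id = {a.ident: a for a in current}
    delta = [by_id[i] for i in added + changed]
    return added, removed, changed, assess(delta)


# Constructed initial scan of a clean workstation "ws01".
BASELINE_SCAN = [
    Artifact("ws01", "autorun", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive",
             "C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe /background"),
    Artifact("ws01", "file", "C:\\Windows\\System32\\svchost.exe",
             "a1b2c3d4e5f60718293a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6"),
    Artifact("ws01", "logon", "ws01\\jdoe", "type=2 last=2024-03-01T08:02:11Z"),
    Artifact("ws01", "netconn", "198.51.100.10:443", "owner=outlook.exe"),
]
# Constructed follow-up scan: a new Run key in AppData, the binary it points to,
# an outbound connection to the placeholder C2 address, and an updated logon record.
FOLLOWUP_SCAN = [a for a in BASELINE_SCAN if a.kind != "logon"] + [
    Artifact("ws01", "logon", "ws01\\jdoe", "type=2 last=2024-03-08T07:55:40Z"),
    Artifact("ws01", "autorun", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
             "C:\\Users\\jdoe\\AppData\\Roaming\\upd\\svchost.exe"),
    Artifact("ws01", "file", "C:\\Users\\jdoe\\AppData\\Roaming\\upd\\svchost.exe",
             "9f2c1a0b3d4e5f60718293a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2b3c4"),
    Artifact("ws01", "netconn", "203.0.113.45:443", "owner=svchost.exe pid=4120"),
]

if __name__ == "__main__":
    print("initial assessment findings:", len(assess(BASELINE_SCAN)))
    added, removed, changed, findings = continuous_assessment(BASELINE_SCAN, FOLLOWUP_SCAN)
    print(f"delta: {len(added)} added, {len(removed)} removed, {len(changed)} changed")
    for artifact, reason in findings:
        print(f"  [{artifact.kind}] {artifact.key}: {reason}")
```

The follow-up run only has to look at four artifacts (three new, one changed) instead of the whole baseline, which is what makes the recurring scans of a Continuous Compromise Assessment cheaper than the initial one. Note that the changed logon record is reported as a change but produces no finding on its own; whether it matters is an analyst decision, and a real agent would apply many more rules (event log analysis, process trees, memory) than the three shown here.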

The Compromise Assessment can therefore be regarded as an excellent addition to existing security measures. Carried out regularly (Continuous Compromise Assessment), it makes a valuable contribution to increasing cyber resilience.

Conclusion

Vulnerability management helps to identify weaknesses and a penetration test shows whether they could also be exploited. But only a compromise assessment answers the question of whether existing vulnerabilities have already been exploited.

With a compromise assessment, the traces left by attackers are reliably detected and compromised systems in the company are tracked down. Cyber attacks can thus be detected and thwarted at an early stage, ideally before major damage occurs. Compromise assessment, especially in the form of a regularly conducted Continuous Compromise Assessment, is therefore a valuable complement to existing measures such as vulnerability management and regular penetration tests, and strengthens a company’s cyber resilience in the long term.


Ramon Weil • Author

Founder & CEO

Ramon Weil is founder and managing director of SECUINFRA GmbH. Since 2010, he has developed SECUINFRA into one of the leading companies in the field of detection, analysis and defense against cyber attacks in Germany.
