• Cybersecurity and the Vulnerability Assessment: the reason why it is important to secure your data online. The risk of an attack concerns each and every one

    Cybersecurity is a hot (and daily) topic for anyone who has data to protect; preventing a cyberattack and taking countermeasures when one occurs is essential for anyone who uses IT, and even more so for those who work with these tools. Right now the main question among insiders isn't IF a cyberattack will take place, but WHEN.

    Nowadays, hackers aren't focusing only on important sites, such as national ones or those of big companies; thanks to ever more sophisticated software, they also hack small sites whose protection systems are not up to date.

    "When talking about cyber crime, there are only two types of companies: those that have been hacked and those that don't know it."
    Robert Mueller, ex-FBI Director.

    IambOO, during its 10 years of activity, has created a working method that is replicable and affordable for small and medium-sized companies that want to tackle the problem of their data security.

    The guidelines given by the National Institute of Standards and Technology (NIST) establish five essential macro-processes for every online company: identify, protect, detect, respond and recover.

    Each of these five points establishes actions focused on protecting sensitive data, for example risk analysis, which starts from the importance of the assets to protect and then evaluates attack threats in probabilistic terms and the consequent potential damage.
    The starting point of every approach to cybersecurity is always to evaluate the vulnerability (physical and logical) of the system you are analysing at that precise moment. Vulnerabilities are nothing more than the "weak points" through which cyber threats manage to damage companies.
    This is why IambOO proposes itself as an ideal partner for running a Vulnerability Assessment, that is, an analysis of all the assets in order to detect the well-known vulnerabilities, define their risk level, and identify the appropriate risk mitigation strategies.

    The activities IambOO runs during Vulnerability Assessments follow the OSSTMM methodological guidelines (an ISECOM handbook that describes a methodology for executing security tests in different environments and establishes some elements related to planning and to the Rules of Engagement; it is usually used for Network Pentests and Wireless Pentests) and are based on the internal VA, in other words a scan performed from a host positioned within the private network (Intranet), in order to gain a better view of the examined systems.

    After the VA, the next step is to run a Penetration Test, a dynamic and adjustable process that changes according to the customer's infrastructure and needs. This way of working makes it possible to standardize the methodology used to run a PenTest while still allowing the procedures, and the results gained from them, to vary; it also involves human activity, given the different infrastructures, machines and networks. Stress tests, which simulate possible attacks and evaluate the systems' critical points each time, are run, obviously without compromising the stability of the devices in the scope of the examination.


    The tests that are run are based upon three requirements:
    1. BLACK BOX: the pen tester doesn't know anything about the network or the systems. This BLACK BOX test simulates an external threat.
    2. WHITE BOX: the pen tester has full knowledge of the network, the systems and the infrastructure in general. This WHITE BOX test simulates an internal threat.
    3. GREY BOX: the pen tester has little knowledge of the network and the systems.

    The final goal of penetration testing is to create a detailed report that highlights the critical issues in the customer's systems and their vulnerability to cyberattacks, with the potential damage, and that sets out a security plan to lower or eliminate those risks.
