Most Effective Security Defences Against Hackers According To Hackers!

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) 27 March 2017

What better way of finding the best counter measures against hackers than asking the hackers themselves. Penetration testers spend their day-to-day life breaking into computer systems and attempting to get around obstacles put in place to stop the bad guys. But why ask penetration testers? The only difference between black hat hackers and penetration testers (white hat hackers) is that one of them has a statement of work to do it legally and the other does not. The methodology and tools of attack are the same.

A large group of white hat hackers took part in a survey about the results from their penetration tests to identify the main issues they came across and what measures you should implement to not fall victim to the same attacks. 72% stated that their first plan of attack is social engineering. Employees are often regarded as the weak link in the chain which puts them at the top of the list for attack. Most hackers involved mentioned that more needed done about security awareness in the workplace as tricking an employee was an easy way to exploit their target. Having security-educated staff can often be one of the key security defences on preventing company information from going into the wrong hands.

88% of penetration tests done by the surveyed white hat hackers took less than 12 hours to compromise the target. After the initial breach, 81% of testers took under 12 hours to find and steal critical data from the target’s network. 33% stated that they were never detected during the entire assessment. From these results it is easy to see that a lot more still needs done on securing businesses and monitoring of traffic to detect and prevent real attackers in their systems. Another comment made by several penetration testers was that it does not matter what size of organisation they were targeting, the chance of exploitation and compromise was the same.

66% of tests resulted in finding exploitable software related vulnerabilities and network configuration issues that could be used to gain unauthorized access were found in 66% of businesses systems. These exist due to software suppliers caring more for ease of deployment and usability, misconfiguration of network devices and bad patching practices. From these two vulnerability types, over 80% of penetration tests are successful in compromising the target business. These can be easily protected against by implementing good patch management, network segmentation, regular scanning and assessments.

After a full penetration test, the work is not over. Remediation is a key stage after the results are acquired, however from this survey only 10% of clients remediated all vulnerabilities and retested the environment. 5% of businesses only wanted to obtain the ‘check in the box’ to achieve compliance and did not act on the results of the assessment at all. 75% only focused on critical and high vulnerabilities. Although remediating major vulnerabilities is obviously a good start, flaws rated as low or medium does not mean that an attacker use them to their advantage. Individually the chance of exploitation from these may be low but by using several of these vulnerabilities together, an attacker can still sometimes craft a successful exploit.

From the results of the survey, it was revealed that the most challenging layer to bypass in a company’s security model was intrusion detection and prevention systems. However, all controls designed to stop hackers, with enough time and effort, can be bypassed. It all boils down to defence in depth rather than depending on a single measure of security. If one layer fails, it is not game over. With the right educated people and technology combination, the chance of compromise can be minimal.

Not all risk can be removed. Although, most hackers target low hanging fruit and try to find the path of least resistance. If a hacker’s attempt into your systems is making no progress, their patience may run thin and a lot of the time they will move on to another target. For example, if one computer is patched, running up to date security software and has a strong password and another computer has not been patched for a while, has no security software in place and has a weak password, then an attacker will go for the second machine. It is all about being ahead of the game and not being an easy target.

Contact us for advice or with any questions about your security. Intact Security are here to help.

Relax. Your security is Intact.

Author: Intact Security

Google


The Importance Of Continuous Monitoring And Vulnerability Management

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) 30 January 2017

Companies may be aware that they need to have penetration tests and vulnerability assessments at least annually, but what about your security every other day during the year. Security is an ongoing process and while both these measures help to secure your company, new vulnerabilities are uncovered every day.

80% of external attacks take advantage of known vulnerabilities that have either have not been patched within the software or systems that are misconfigured.  Continual monitoring and scanning of your systems are encouraged within your company. This preventative method in turn will make a huge difference in increasing your security.

Software may be safe and secure one day, and the next it could be riddled with new found vulnerabilities. Just as security experts blog about new threats and alerts to everyone, this also alerts hackers about the weak points present. Using this information, they can generate new attacks and exploits against software that has not been updated.

Implementing firewalls and IDS/IPS (Intrusion detection/prevention systems) is a good step to securing your company, however do not solely rely on them.  These also come with their weaknesses and often hackers can get around them without being detected. Continual monitoring of the traffic within your network can quickly identify unusual activity that could result in the compromise of sensitive data. Anything strange such as a large data transfer or unapproved encrypted requests should alert your security team and be looked further into.

Companies should be on top of their vulnerability management to ensure rapid updates to software and if needed, fixes to networks and/or applications. By frequently scanning and evaluating the state of your security, you can pick up fresh emerging threats, constant changes to software and help you mitigate the risk your systems are under. Without it, many holes could go undetected until the next vulnerability assessment or penetration test, leaving you wide open for attack.

To perform a precise process of protecting your company, you need to implement the right tools to your system as well as scheduled vulnerability assessments and penetration tests. These tools need to be convenient and easy to use, provide accurate results, be affordable and not  impact the day-to-day operations of your business. Vulnerability scanners are the most effective when implemented into a company that are determined on strengthening their security. Applying a good strategy to tighten your security can save you money. The costs of damage and repercussions of an attack can be extremely severe.

Intact Security have a wide range of highly recommended tools for all situations and will help reduce your attack surface. Be it to stamp down on malware on machines, detect active lurking threats in your systems or monitor devices connected to your network, we will help patch your security. Get an advantage over the cyber attackers!

Relax. Your security is Intact.

Author: Intact Security

Google


Vulnerability Assessment & Penetration Test – What’s the Difference?

Posted on by Martin Quinn in Security Blog Leave a comment

By Samantha Woollard (Internet Security Specialist) – 19 December 2016

Vulnerability assessment or penetration test? Both are often confused and sometimes thought to be the same thing. However there are some major differences between them which are important to know when it comes to the security of your business.

A vulnerability assessment consists of detecting vulnerabilities, defining what they are, how they can affect your business and advice on remediation. This test is more about breadth than depth, to bring to light what vulnerabilities exist over your systems, rather than exploiting them. During a vulnerability assessment, scanners are used to pick up missing patches that need to be updated and other vulnerabilities that exist. Even though the scanners can pick up certain threats, they cannot think like an attacker. Because of this the system is also manually tested for other threats that require a human’s viewpoint and an attacker’s mind set.

A penetration test simulates what a real attacker would do. Using various tools and procedures, the key is to exploit a business’ system and get unauthorised access to critical information. It gives an extensive insight into how much risk your business is under. This test is more about depth than breadth. Rather than a list of vulnerabilities, the goal is to find out if someone can break in and if so, how far can they delve.

Vulnerability scanners should be used within your company and run frequently, especially when changes are put into place and new equipment is added. However, running these scans can often bring up false positives which can be a real headache for someone who does not have a background in security. How can you differentiate between the real vulnerabilities and the false positives? By having a vulnerability assessment, only the actual vulnerabilities will be brought to your attention along with other manually found threats. Both assessments are essential and be it the security of your network or web application, it is recommended that they each should undergo at least one vulnerability assessment and one penetration test a year. By completing both of these, you will get a comprehensive depiction of your business’ security holes.

Relax. Your Security is Intact.

Author: Intact Security

Google