
In-Depth and Proactive Security Assessment of Enterprise Networks: Complement cybersecurity policies and safeguards with intelligent assessment automation



Read about the importance of having proper security assessment platforms that can provide proactive, in-depth and timely actionable insights into the health of enterprise network security posture

In-Depth and Proactive Security Assessment of Enterprise Networks

Cybersecurity of enterprise networks has been top of mind for business and technology leaders for some time. What is changing the threat landscape is the current set of workplace technology trends and, more importantly, the rate at which those technologies are being deployed. IoT, BYOD and remote access are not new, but their growth is exponential. This kind of network evolution adds complexity to the infrastructure and calls for new service delivery systems. Every corporate-owned, BYOD or personal device, and every path by which it reaches a service, can become a direct or indirect entry point for malicious traffic. An attacker may launch traffic against parts of the infrastructure directly, or may compromise a weakly protected zone first and pivot from it into other areas. Security and data protection in today’s businesses cannot be implemented with a “check it and forget it” approach, nor reduced to a mandate to train staff and comply with security policies and safeguards.


The security posture of a business rests on three fundamental pillars: protection against, detection of, and response to attacks. Enterprises need platforms that assess these three elements proactively, in depth and on time, alongside the training, awareness and policies already in place, in order to withstand current and emerging threats. For an intelligence-driven posture, the assessment platform must also link to the enterprise lifecycle tools and systems so that findings are fed, tracked and acted on automatically. Without such tools, enterprise security remains purely reactive. Let’s consider the characteristics of cybersecurity assessment platforms in more depth.

Enterprise Network Security Assessment Solutions

An effective way to illustrate the capabilities a cybersecurity assessment solution needs is to describe them in the context of prevalent use cases. The salient points of typical use cases, and the attributes of an effective solution, are listed below.

  • Ability to deploy agents in the production network that carry out the assessment of each security zone

  • Flexibility in selecting which network domains or zones act as the source and the target of an attack, giving positive proof of security efficacy between them

  • Scheduling control, so that assessments run at a specific time of day, such as off-peak hours, or are triggered by an event such as the resolution of a security incident or the availability of a new zero-day attack scenario

  • Access to a continually updated database of recent attack and malware scenarios, including zero-days, so that assessments exercise the latest vulnerabilities

  • Per-user control over who may view, edit and run an assessment, for enterprises with diverse organizational authorization

  • Flexibility in the attack vectors used: customized by the user, context-based (operating systems and applications in the network domain, …), or reconnaissance-based, guiding the user toward vulnerabilities in the network

  • Control over attacks in terms of flow direction and segment sequence, as well as evasion techniques applied on top of an attack plan, which raises the bar for the security posture deployed in the network

  • Assessment of Data Loss Prevention policies with real sensitive data in the formats prevalent in the deployment (e.g., bank account numbers inside PDF files), transported across the network so that the DLP policy is validated under realistic conditions

  • Linkages with enterprise lifecycle tools, so that assessment-driven steps can be enforced and tracked. Examples are:

    • Integration with Security Information and Event Management (SIEM) systems, allowing analysis of the events a security platform raised in response to a particular attack

    • Interoperation with Incident Tracking Systems (ITS), allowing tickets to be opened directly for uncovered issues and the finding to be revalidated when the ticket is resolved

    • Integration with security platforms, enabling automatic provisioning of new policies when a vulnerability is uncovered

  • Detailed live reporting while the assessment runs, exposing overall vulnerability trends as well as the attributes of each attack (e.g., description, CVE ID, start time, whether it was mitigated by blocking, …)

  • Access to final reports of past assessments that contain the information from the live reports plus more detail (e.g., call flow sequences, packet captures, …)

  • Engines that emulate the entire attack during the assessment; emulation is significantly more effective than simulation or replay at avoiding both a false sense of security and false positives
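The DLP bullet above asks for sensitive data carried in the file formats the business actually uses, not as bare strings on the wire. The following is an added example (mine, not Spirent or CyberFlood code) of why that matters: it hand-builds a minimal one-page PDF containing a constructed example account number in IBAN layout, once with the content stream stored in the clear and once FlateDecode-compressed as real PDF writers do, and shows that a byte-pattern DLP rule catches the first but misses the second, while a format-aware check that decodes streams before matching catches both. The PDF generator, the toy stream extractor, the IBAN pattern and the sample value are all assumptions for illustration.

```python
import re
import zlib
from typing import Iterator

# Constructed example account number in IBAN layout (country, check digits, BBAN); not a real account.
SAMPLE_IBAN = "NL91ABNA0417164300"
# Byte-level pattern of the kind a DLP rule uses: 2 letters, 2 check digits, 11-30 alphanumerics.
IBAN_RE = re.compile(rb"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")

def build_pdf(text: str, compress: bool) -> bytes:
    """Minimal one-page PDF that draws `text`; with compress=True the content stream is
    FlateDecode-encoded as real writers do. Hand-rolled for this example; no parentheses in `text`."""
    content = f"BT /F1 12 Tf 72 720 Td ({text}) Tj ET".encode("latin-1")
    if compress:
        content = zlib.compress(content)
        stream_dict = f"<< /Length {len(content)} /Filter /FlateDecode >>"
    else:
        stream_dict = f"<< /Length {len(content)} >>"
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Contents 4 0 R "
        b"/Resources << /Font << /F1 5 0 R >> >> >>",
        stream_dict.encode("ascii") + b"\nstream\n" + content + b"\nendstream",
        b"<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>",
    ]
    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objs, start=1):
        offsets.append(len(out))
        out += f"{num} 0 obj\n".encode("ascii") + body + b"\nendobj\n"
    xref_pos = len(out)
    out += f"xref\n0 {len(objs) + 1}\n0000000000 65535 f \n".encode("ascii")
    for off in offsets:
        out += f"{off:010d} 00000 n \n".encode("ascii")
    out += f"trailer\n<< /Size {len(objs) + 1} /Root 1 0 R >>\nstartxref\n{xref_pos}\n%%EOF\n".encode("ascii")
    return bytes(out)

# Toy stream extractor for the PDFs this generator emits (not a general PDF parser): the
# dictionary immediately before `stream` gives the data length and whether it is deflated.
STREAM_RE = re.compile(rb"<<((?:(?!<<).)*?)>>\s*stream\r?\n", re.DOTALL)

def decoded_streams(pdf: bytes) -> Iterator[bytes]:
    """Yield each content stream with FlateDecode undone, i.e. the bytes a PDF reader actually renders."""
    for m in STREAM_RE.finditer(pdf):
        header = m.group(1)
        length = int(re.search(rb"/Length (\d+)", header).group(1))
        data = pdf[m.end():m.end() + length]
        yield zlib.decompress(data) if b"/FlateDecode" in header else data

def naive_dlp_match(pdf: bytes) -> bool:
    """What a byte-pattern DLP rule sees: only text stored in the clear in the file."""
    return IBAN_RE.search(pdf) is not None

def decoding_dlp_match(pdf: bytes) -> bool:
    """A format-aware rule: decode the streams first, then apply the same pattern."""
    return any(IBAN_RE.search(chunk) for chunk in decoded_streams(pdf))

if __name__ == "__main__":
    for compress in (False, True):
        pdf = build_pdf(SAMPLE_IBAN, compress)
        print(f"compressed={compress}: naive={naive_dlp_match(pdf)} decoding={decoding_dlp_match(pdf)}")
```

Run it and the naive rule reports a hit only for the uncompressed file. Since every mainstream PDF writer compresses content streams, an assessment that only sends the account number as plain text, or only in an uncompressed container, would give a DLP control a pass it has not earned; feeding the real file types through the network is what exposes the gap.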

The above capabilities make a cybersecurity assessment solution an invaluable complement for organizations that rely only on traditional approaches such as penetration testing (red team assessments), defensive posturing (blue team assessments), or hybrid exercises (purple team assessments). Those are point-in-time exercises and generally lack the depth and the continuous, comprehensive view that today’s businesses need. A new solution from Spirent Communications provides continuous, in-depth and automated assessment of network security vulnerabilities.

Spirent CyberFlood (CF) Data Breach Assessment

Let’s spend a few minutes looking at CF Data Breach Assessment, which provides comprehensive network security assessment capabilities, including the attributes described in the previous section. It does this with lightweight, secure agents embedded in enterprise network segments that are capable of emulating attack vectors. To illustrate the essential capabilities of CF Data Breach Assessment, consider the screenshots of the test configuration below, followed by a selection of its capabilities.

In-Depth and Proactive Security Assessment of Enterprise Networks - Screen 1
In-Depth and Proactive Security Assessment of Enterprise Networks - Screen 2
  1. As part of the test configuration, the high-level topology is defined: CF Data Breach Assessment agents in each network zone, the devices under test (such as firewalls, …) between them, and the sources and targets of attacks across those zones

  2. Extensive scheduling options allow an assessment to be launched at a given frequency, at a specific timestamp, when a vulnerability issue is resolved, or as soon as a new vulnerability profile becomes available

  3. A test configuration can be authorized for viewing, editing or running by individuals or groups

  4. Attacks launched between zones and across devices under test can be chosen by user customization, by reconnaissance, or as the full set of available attacks

  5. Attacks may be launched with evasion techniques (e.g., obfuscation) and executed sequentially, in parallel, or as a mix of the two

  6. Sensitive data can be added in popular file types (such as Microsoft Word, Excel and PowerPoint, and Adobe PDF)

  7. In addition to linkages with SIEMs such as Splunk and IBM QRadar for event analysis, ITS management can be configured with solutions such as JIRA, Zendesk, ServiceNow and Redmine.

CF Data Breach Assessment can also use a security platform’s API (e.g., a firewall’s) to auto-provision new policies that mitigate detected attacks that were not blocked.

Both the live reporting and the final reports carry extensive detail on the assessment, including:

  1. Snapshots of incident and ticket tracking trends

  2. Overall attack-topology status

  3. Inter-zone attack finding summaries

  4. Per-attack inter-zone detail: attack description, category and CVE ID, start timestamp, attacker and target IP and port, issue status and initial reporting timestamp, attack severity, whether the attack was blocked, and whether it triggered an event that was matched on the SIEM

  5. Detail of each attack mitigation, such as the call flow, available in the final reports

In-Depth and Proactive Security Assessment of Enterprise Networks - Screen 3
In-Depth and Proactive Security Assessment of Enterprise Networks - Screen 4
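The capability list earlier on the page and the report details just above describe one loop: launch attacks between zones, record whether the device under test blocked each one, match it against the events the SIEM received, summarize findings per zone pair, open a ticket for every unblocked attack, and re-run the attack when the ITS marks the ticket resolved. The following Python is an added example of that loop written for this page; it is not CyberFlood code and does not use its API. The agents, the key=value SIEM export format, the ticket payload, the zone names, the IP addresses and the timings are all constructed; the two CVE IDs are real, well-known identifiers used only to label the sample scenarios. The one design choice worth noting is the four-way classification: an attack that is not blocked and produces no SIEM event is the finding that matters most, because neither the protection nor the detection pillar saw it.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple

@dataclass
class AttackResult:
    attack_id: str
    name: str
    cve: Optional[str]          # None for scenarios without a CVE (e.g., DLP exfiltration)
    src_zone: str
    dst_zone: str
    src_ip: str
    dst_ip: str
    dst_port: int
    severity: str
    blocked: bool               # did the device under test stop the attack?
    started_at: datetime

@dataclass
class SiemEvent:
    ts: datetime
    action: str
    src_ip: str
    dst_ip: str
    dst_port: int
    signature: str

DETECTION_ACTIONS = {"alert", "drop", "deny", "block"}  # a plain "allow" traffic log is not a detection
MATCH_WINDOW = timedelta(seconds=60)                    # how long after launch a SIEM event still counts

def parse_siem_line(line: str) -> SiemEvent:
    """Parse one key=value export line (hypothetical format); quoted values may contain spaces."""
    kv: Dict[str, str] = {}
    for m in re.finditer(r'(\w+)=(?:"([^"]*)"|(\S+))', line):
        kv[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return SiemEvent(datetime.strptime(kv["ts"], "%Y-%m-%dT%H:%M:%SZ"), kv["action"],
                     kv["src"], kv["dst"], int(kv["dport"]), kv["sig"])

def match_event(attack: AttackResult, events: List[SiemEvent]) -> Optional[SiemEvent]:
    """First detection event on the attack's (src, dst, port) flow inside the time window."""
    for ev in events:
        same_flow = (ev.src_ip, ev.dst_ip, ev.dst_port) == (attack.src_ip, attack.dst_ip, attack.dst_port)
        in_window = attack.started_at <= ev.ts <= attack.started_at + MATCH_WINDOW
        if same_flow and in_window and ev.action in DETECTION_ACTIONS:
            return ev
    return None

def classify(attack: AttackResult, events: List[SiemEvent]) -> str:
    """Protection (blocked?) x detection (SIEM event?) -> one of four finding classes."""
    detected = match_event(attack, events) is not None
    if attack.blocked:
        return "blocked+detected" if detected else "blocked-silent"      # silent: no telemetry reached the SIEM
    return "unblocked+detected" if detected else "unblocked-silent"      # unblocked-silent is the real gap

def zone_summary(attacks: List[AttackResult], events: List[SiemEvent]) -> Dict[Tuple[str, str], Dict[str, int]]:
    """Inter-zone finding summary: counts per (source zone, target zone) pair."""
    out: Dict[Tuple[str, str], Dict[str, int]] = {}
    for a in attacks:
        row = out.setdefault((a.src_zone, a.dst_zone), {"total": 0, "blocked": 0, "detected": 0, "silent_gaps": 0})
        c = classify(a, events)
        row["total"] += 1
        row["blocked"] += int(a.blocked)
        row["detected"] += int(c.endswith("detected"))
        row["silent_gaps"] += int(c == "unblocked-silent")
    return out

def open_tickets(attacks: List[AttackResult], events: List[SiemEvent]) -> List[Dict[str, str]]:
    """One ticket per attack the control let through (payload shape is hypothetical, not a real ITS API)."""
    tickets: List[Dict[str, str]] = []
    for a in attacks:
        if not a.blocked:
            summary = f"{a.name} ({a.cve or 'no CVE'}) {a.src_zone}->{a.dst_zone}: {classify(a, events)}"
            tickets.append({"id": f"SEC-{len(tickets) + 1}", "attack_id": a.attack_id,
                            "severity": a.severity, "summary": summary})
    return tickets

def revalidation_queue(tickets: List[Dict[str, str]], resolved_ids: Set[str]) -> List[str]:
    """Attack IDs to re-run once the ITS marks their tickets resolved (the revalidate-on-resolution trigger)."""
    return [t["attack_id"] for t in tickets if t["id"] in resolved_ids]

# Constructed sample run: four inter-zone attacks and the SIEM lines the firewall/IPS produced for them.
T0 = datetime(2024, 5, 1, 2, 0, 0)
SAMPLE_ATTACKS = [
    AttackResult("A1", "SMBv1 remote code execution", "CVE-2017-0144", "user-lan", "dmz",
                 "10.1.0.5", "10.2.0.10", 445, "critical", True, T0),
    AttackResult("A2", "TLS heartbeat memory disclosure", "CVE-2014-0160", "user-lan", "dmz",
                 "10.1.0.5", "10.2.0.20", 443, "high", False, T0 + timedelta(seconds=30)),
    AttackResult("A3", "PDF with bank account numbers over HTTP", None, "guest-wifi", "dmz",
                 "10.3.0.7", "10.2.0.20", 8080, "high", False, T0 + timedelta(minutes=3)),
    AttackResult("A4", "RDP password spray", None, "guest-wifi", "user-lan",
                 "10.3.0.7", "10.1.0.50", 3389, "medium", True, T0 + timedelta(minutes=6)),
]
SAMPLE_SIEM_LINES = [
    'ts=2024-05-01T02:00:03Z action=drop src=10.1.0.5 dst=10.2.0.10 dport=445 sig="SMB exploit attempt"',
    'ts=2024-05-01T02:00:31Z action=alert src=10.1.0.5 dst=10.2.0.20 dport=443 sig="TLS heartbeat anomaly"',
    'ts=2024-05-01T02:03:05Z action=allow src=10.3.0.7 dst=10.2.0.20 dport=8080 sig="HTTP traffic log"',
]
SAMPLE_EVENTS = [parse_siem_line(line) for line in SAMPLE_SIEM_LINES]
```

With the sample data, A1 is blocked and detected, A2 is detected but let through, A3 (the DLP exfiltration) is neither blocked nor alerted on because the only SIEM line for that flow is an "allow" traffic log, and A4 is blocked but produced no telemetry. Two tickets are opened (A2 and A3), and resolving SEC-2 in the ITS queues A3 for re-assessment, which is the trigger the scheduling capability above refers to.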

CyberFlood Data Breach Assessment provides actionable insight into the health of your security posture, on an ad hoc or continuous basis. The visibility gained by safely stressing your security policies helps reduce risk while improving network operational efficiency.

Furthermore, Spirent Communications’ SecurityLabs can assist customers directly with efficient and accurate installation of the CF Data Breach Assessment solution in their network deployments.

Please visit us at www.spirent.com to learn more about how Spirent CyberFlood Data Breach Assessment can help in validating enterprise network infrastructure security postures.


Reza Saadat

Senior Technical Marketing Engineer, Application and Security Group

Reza Saadat is a Senior Technical Marketing Engineer at Spirent in the Applications and Security group, with over 25 years of experience in computers and data communication technologies. At Spirent, Reza works with the Product Management, Engineering and Sales teams to bring to market new, cutting-edge application and security testing solutions for network equipment manufacturers, enterprises and service providers. His in-depth industry, market and software development knowledge, together with his collaborative design and development skills, have resulted in numerous hardware and software solutions successfully released at companies such as IBM Corp, Cisco Systems and many more.