It’s in the Black AND White – Value of a Full Security Assessment!

  • 14 Sep 2017
  • digitalxraid
2 min read

Since joining the InfoSec industry and attending a fair number of client sites, tech events, meetups, etc., I have seen a common pattern emerging in perceptions of the value of black box and white box penetration testing.

That pattern seems to be one of a “black box is enough” mindset, possibly because it supposedly simulates how a “real” bad guy would attempt to breach your systems. Ergo, this is perceived to be a more “authentic” real-world test of a security posture.

Or is it? Surely an organisation with this mindset is projecting an inward-facing false sense of security?

A black box test provides you with a one-dimensional view of your attack surface, potentially grossly underestimating a well-resourced, determined attacker. For instance, let’s imagine for a second that a would-be bad guy hoovers up the majority of an organisation’s IP addresses. What if the keys to your castle lie on that other 10% of machines the bad guy couldn’t recognise as belonging to your organisation? If it’s online, someone will eventually discover what a previous, less informed bad guy couldn’t, and push that pain button.

Yin and Yang!?

Only by bundling white box together with rigorous black box testing can an organization achieve a holistic view of its applications, networks, and people: how likely it is that attackers will find the vulnerabilities, and what it will take to fix them.

Of course, there is always sufficient information available in the public domain to launch an attack.

The opinion of DXR as your security partner is that it’s best to assume the worst case 100% of the time, and proceed with white box testing from there. For organizations with mature, well-implemented security programs, we deliver bespoke targeted attack simulations that assess the capability to respond to varying threats. We also add validity to these engagements by consulting with both our Incident Response and Threat Hunting divisions.

Summary

The value you gain from a full security assessment is unparalleled, but it can also hinge on the input and co-operation of your organisation. With full commitment from our clients, DXR, as an external assessor, is able to objectively maximise the validity of any assessment process.

From there we are able to establish the following value-for-money outcomes:

  • Failings of policies and/or controls that have led to vulnerabilities.
  • The risk to the organisation from a broader business perspective (bottom lines £££).
  • Identifying potential objectives of the bad guys through vulnerabilities discovered.
  • Immediate and long-term remediation road maps.
  • A change in the organisation’s mindset when approaching vulnerabilities in the future.

Ultimately, the reasons for a full security assessment should never be in question, especially when you compare the ramifications of adopting a one-dimensional “black box is enough” approach.

If you’d like more information around DXR’s approach to Managing Security information please visit www.digitalxraid.com

www.linkedin.com/in/david-ollerhead-4ab49595
