
It’s in the Black AND White – The value of a Full Security Assessment

There appears to be a common pattern emerging when it comes to perceptions surrounding the value of black box and white box penetration testing.

That pattern seems to be one of a “black box is enough” mindset, possibly because a black box test supposedly simulates how a “real” bad guy would attempt to breach your systems. Ergo, it is perceived to be a more “authentic” real-world test of a security posture.

Or is it? An organisation with this mindset is surely projecting an inward-facing false sense of security.

A black box test provides you with a one-dimensional attack surface, potentially grossly underestimating a well-resourced, determined attacker. For instance, let’s imagine for a second that a would-be bad guy hoovers up the majority of an organisation’s IP addresses. What if the keys to your castle lie on the other 10% of machines the bad guy couldn’t recognise as belonging to your organisation? If it’s online, someone will eventually discover what a previous, less informed bad guy missed, and push that pain button.

Yin and Yang!?

Only by bundling white box with rigorous black box testing can an organisation achieve a holistic view of its applications, networks and people: the vulnerabilities in them, how likely it is that attackers will find those vulnerabilities, and what it will take to fix them.

Of course, there is always sufficient information in the public domain to launch an attack.

The opinion of DigitalXRAID as your security partner is that it’s best to assume the worst case 100% of the time, and proceed with white box testing from there. For organisations with mature, well-implemented security programmes, we deliver bespoke targeted attack simulations that assess their capability to respond to varying threats. We also add validity to these engagements by consulting with both our Incident Response and Threat Hunting divisions.

Summary

The value you gain from a full security assessment is unparalleled, but it also hinges on the input and co-operation of your organisation. With full commitment from our clients, DigitalXRAID as an external assessor is able to objectively maximise the validity of any assessment process.

From there we are able to establish the following value-for-money outcomes:

  • Failings of policies and/or controls that have led to vulnerabilities
  • The risk to the organisation from a broader business perspective (bottom lines, £££)
  • Identification of the bad guys’ potential objectives through the vulnerabilities discovered
  • Immediate and long-term remediation road maps
  • A change in the organisation’s mindset when approaching vulnerabilities in the future

Ultimately, the reasons for a full security assessment should never be in question, especially when you compare them with the ramifications of adopting a one-dimensional “black box is enough” approach.

If you’d like more information around DigitalXRAID’s approach to managing security information please get in contact.
