Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 20
In this blog series, members of Optiv’s attack and penetration team are covering the top 20 Center for Internet Security (CIS) Critical Security Controls (CSC), showing an attack example and explaining how the control could have prevented the attack from being successful. Please read previous posts covering:
CSC 20: Penetration Tests and Red Team Exercises
Test the overall strength of an organization’s defenses (the technology, the process and the people) by simulating the objectives and actions of an attacker.
We now move into the final step of the Top 20 CIS Critical Security Controls. Throughout the series, we demonstrated how attack scenarios can take advantage of missing or misconfigured controls. A penetration test is the next logical step after you have implemented these controls, to verify that they have been implemented correctly.
A penetration test comes in many forms depending on the organizational need, company hired and end goal. I have broken these into four main types of tests performed regularly; however, there may be other tests offered to meet different goals. Either way, it is strongly recommended that you don’t just go out and buy a penetration test but that you define these goals and identify which test works best for your needs.
While all of this can sound scary to an organization just getting started with penetration testing, going with a reputable group of proven professionals can help to avoid most of the pitfalls that can occur. This testing, when performed in combination with your security and technology staff, can have a greater impact, as knowledge transfer in both directions adds an extra level of effectiveness to the penetration test. Assessors benefit from this conversation by knowing key areas to check into, and staff benefit by learning how risky a seemingly innocuous vulnerability may be. Not all penetration tests leverage high and critical vulnerabilities; some don’t even use a vulnerability scanner. It’s important to know what your organization needs (is it compliance driven?) and wants (collaborative understanding) when selecting a company and type of penetration test.
This concludes our series on the critical security controls.