Security audit and testing: Is your network secure?

  • Security audits are rarely enough to fully test the security level of a network.
  • Testing that simulates an actual hacker attack is the best way to validate security measures.

The media regularly features stories about hackers breaking into enterprise servers to steal sensitive data. One common scenario begins when an employee receives a phishing email that looks like a legitimate business email urging the recipient to click on a link or to open an attachment.

A doorway for cyber criminals

These emails are sent by attackers and typically contain a malicious program designed to attack popular corporate desktop software. Once the program is executed, it allows the attacker to take control of the employee’s desktop and use it as a gateway into the enterprise. The attacker then moves throughout the network until the “gold mine” is identified – a server with sensitive data. The data from the server is then copied to a location controlled by the attacker. All too often, such compromised networks are believed to be secure prior to the breach.

Although the concept of “computer security” is well known to organizations, actually measuring the security level of a network is not straightforward. It is impossible to ensure a network is secured against attacks without complete knowledge and understanding of security specifics pertinent to applications, systems, and communications. Furthermore, the conclusion that a network is secure because no breaches have occurred is flawed. An organization may be fortunate that no attacks have occurred, or a breach could have taken place but gone unnoticed.

Beyond the security audit

Since direct security level measurement is not trivial, the problem is deferred to security audits. When assessing a network, auditors commonly rely on evidence of sound security management and development practices — for instance, security policies, procedures, and architectural diagrams. But even auditors cannot fully attest to the security level of a network. To gain greater insight, organizations should also evaluate their security posture through testing that simulates an actual hacker attack, such as penetration testing or phishing assessments.

The objective of such testing is to assess the feasibility of a compromise through validation of the overall effectiveness of defensive mechanisms. Targets included in the testing scope can range from servers, desktops, and applications to network/wireless/mobile devices to the weakest link in the network chain: humans. The testing can also be useful in evaluating the organization’s incident response process. Findings revealed through the testing greatly help organizations in determining the security posture of the network and making further strategic decisions to reduce vulnerability.


Jennia Hizver, Consulting Practice Security Researcher and Consultant, AT&T