APPROPRIATE SOFTWARE TOOLS TO ACCESS THE SECURITY POSTURE OF AN ORGANIZATION

Cyber attacks are widely perceived as the global risk of highest concern to business

leaders in advanced economies. Exposure to cyber risks continues to grow exponentially

as firms become more dependent on technology and adopt artificial intelligence to aid

and ease business processes. This digital transformation as can be seen with the increase

in globalization and distributed workforces, an interconnected web of employees,

customer, and third-party vendors being linked to the enterprise network, all represent

potential areas of compromise.

What are these cyber risks we speak of?

Cybersecurity Risk is the likelihood of harm or loss caused by cyber attacks and data

breaches and according to a 2019 Global Risk Perception Survey, the fastest growing

enterprice risk today. Deliotte’s 2019 Future of Cyber Survey found the qualitative and

quantitative impact of cyber risk to be as shown in the image below:

The most effective cyber risk management strategy must involve first and most importantly,

understanding the organization’s security posture. An organization’s security posture is

basically how resillient it is to cyber threats and attacks. It shows:

a. Security status of software and hardware assets, networks, services, and

information.

b. Controls and measures that are in place to protect from cyber-attacks.

c. Ability to manage defenses.

d. Readiness and ability to react to and recover from security events.

Determining [cyber] security posture is a thorough process that takes three (3) key steps;

getting accurate IT asset Inventory, mappping the attack surface and understanding the

cyber risk involved.

Source: Balbix’s Definitive Guide to Security Posture

Some [software] tool categories that are best suited for this purpose (and take into

account the blindspots) are briefly discussed below, with examples:

a. STEGANOGRAPHY TOOLS (Xiao Steganography): For encoding and

decoding digital media files.

b. CONFIGURATION COMPLIANCE SCANNERS (SolarWinds Network

Configuration Manager – NCM): For ensuring all computer and server setttings are

properly configured as they should be.

c. WIRELESS CRACKERS (Fern Wi-Fi Cracker): For cracking and recovering

WEP/WPA and WPS keys.

d. PROTOCOL ANALZERS (Wireshark): For capturing all traffic going through a

network.

e. NETWORK MAPPERS (SolarWinds Network Performance Monitor - NPM):

For showing all the devices on a network, alongside their operating systems and all

services running on them.

f. NETWORK SCANNERS (Acunetix): For mapping out a network in a way that

shows all network devices, performance data and packet loss.

g. PASSWORD CRACKERS (John The Ripper): For performing the most common

Dictionary, Rainbow Table and Brute Force attacks.

h. VULNERABILITY SCANNERS (Microsoft Baseline Analyzer): For scanning

hosts to find missing patches (known as non-credentialed scanners) and auditing

files and permissions to find vulnerabilities (credentialed scanners).

i. ROGUE SYSTEM DETECTION TOOLS (McAfee Rogue System Detection): For

detecting rogue and unmanaged devices and helping you protect your network.

j. EXPLOITATION FRAMEWORKS (Metasploit): For developing and executing

exploit code against a remote target computer. Can also be used to harden IT

systems before they are attacked.

REFERENCES

https://www.upguard.com/blog/cybersecurity-risk

https://www.logicgate.com/2020/10/09/grc-101-what-is-cyber-risk/

https://www.balbix.com/resources/definitive-guide-security-posture/

https://www.balbix.com/insights/what-is-cyber-security-posture/

https://www.oreilly.com/library/view/comptia-security-certification/

9781789348019/10ea392b-67fb-4ad2-937d-2684dd572c49.xhtml