Demystifying Security: Part II


The bad guys aren’t coming. The bad guys are already here.
If you’re following the news, you’ve probably seen coverage on ransomware attacks like the one on the Colonial Pipeline. It’s not a matter of if, but when a Cyber Security compromise will occur. How can you ensure that your customers are getting the best protection possible?
In Part II of the Demystifying Security blog series, we’re breaking down Cyber Security assessment terms and what they mean to you and your customers. If you missed Part I in the series, read it here.

Security Assessment:
A study to locate security vulnerabilities and risks

What does it mean?
This is the easiest way to get into your customer’s environment. A security assessment is a great way to review the security weaknesses in your customers’ systems. There are different types of assessments: vulnerability, pen testing, gap analysis and health check.

The security assessment will be a “stake in the sand” to help you and your customer understand what their environment looks like at this point in time. I call it a stake in the sand because the environment is always shifting. The security assessment should be run on a regular basis, once a quarter or so.

Penetration Test (Pen Test):
Expert attempt to find and exploit vulnerabilities

What does it mean?
Penetration tests are a great way to open up a security conversation with your customers. A pen test can be done multiple ways: internal, external, credentialed, non-credentialed. The test can be used to see what can be gleaned from the outside looking in, or how safe the customer’s environment is from the inside. You will have different results depending upon which method is chosen.

Penetration tests are very important. Customers should be performing a pen test at least once a year with a different provider. Also, the test should not be run by the same provider that is monitoring the customer’s environment–that’s like the fox guarding the henhouse.

Security Information & Event Management (SIEM):
Log collection and aggregation systems

What does it mean?
A SIEM is important for many reasons. A SIEM is an event collection point and aggregator. Imagine that everything you touch is generating an event log. Every switch, router, access point, gateway, server and the like all generate event logs. Now imagine having all of those logs in one location–one correlation point where you can see what is going on within that environment. That’s what the SIEM is doing.

It’s very important to ensure that your customers have a SIEM or a service provider that offers a SIEM.
SIEM logs are also a tool that many cyber insurance companies will ask to review (if your customers decide to have that level of protection). If your customers are compromised, insurance companies will request these logs to see where the compromise occurred or to ensure that your customers were doing their due diligence.

Want to learn the right questions to ask your customers to open Cyber Security opportunities? Watch the on-demand “Demystifying Security” video in MyIntelisys, available exclusively to Intelisys Sales Partners.