Blog

We got unreasonably lucky here. We can't just bank on that going forward

We got unreasonably lucky here. We can't just bank on that going forward

Blog
October 30, 20242 min read

That's Andres Freund commenting on the exploit he discovered in the widely-used, open source software XZ Utils.

Andres is dead right, we can't bank on luck going forward. Maybe that worked in years past, but cyber threats are so ubiquitous, so automated, it's only a matter of time before your network's vulnerabilities are found out.

What are you doing to find those vulnerabilities before anyone else does?

Here are some ideas:

1. Vulnerability scans. Yes, we're all familiar with these, but how often do you scan your network, especially the perimeter? It should be done continuously.

2. Penetration testing. Again, most everyone is familiar with the idea of pentesting and probably cringes thinking of the high cost and disruption to your work whenever the annual pentest rolls around. But that's the old way of doing things. The better way is frequent (at least monthly) less costly pentests mostly focused on your perimeter. For example, we do this every month for our customers and present the findings in our monthly security review. Technology changes too quickly to wait 6 months or a year for the next pentest.

3. Cyber risk monitoring. This is a service provided by companies like BitSight, SecurityScorecard, and others. It's what your insurance company, your customers, and potential customers use to size you up and determine if they want to do business with you. It is all sourced from data that attackers can get and use to find your weaknesses, too.

4. Active Directory attack path monitoring. Do you know how many paths there are from a breached user to domain admin? With new accounts being created, old permissions forgotten about, and paths to admin not understood, your sensitive data and servers are more at risk than you realize. We use a tool called Bloodhound to show you exactly where the paths to admin are so you can lock them down.

5. Test your defenses. Have you ever run real threats against your environment to know if your security tools are working? We like a tool called BlindSpot that does just that. Think about it, you test backups for a reason. Why not test your security tools, too?

Mr. Hawbaker is one of the co-founders of Valenture and an experienced network and security engineer. Joel studied at the University of Illinois’ College of Electrical and Computer Engineering as well as at Columbia College Chicago. He has spent the last 20 years in various IT disciplines and has hands-on experience in some of the world’s largest networks. A Chicagoland native, Joel now lives in Tennessee with his family.

Joel Hawbaker

Mr. Hawbaker is one of the co-founders of Valenture and an experienced network and security engineer. Joel studied at the University of Illinois’ College of Electrical and Computer Engineering as well as at Columbia College Chicago. He has spent the last 20 years in various IT disciplines and has hands-on experience in some of the world’s largest networks. A Chicagoland native, Joel now lives in Tennessee with his family.

Back to Blog

We Can Help

Call us at (855) 605-5042 or fill out the form below.

Featured Posts

We got unreasonably lucky here. We can't just bank on that going forward

We got unreasonably lucky here. We can't just bank on that going forward

Blog
October 30, 20242 min read

That's Andres Freund commenting on the exploit he discovered in the widely-used, open source software XZ Utils.

Andres is dead right, we can't bank on luck going forward. Maybe that worked in years past, but cyber threats are so ubiquitous, so automated, it's only a matter of time before your network's vulnerabilities are found out.

What are you doing to find those vulnerabilities before anyone else does?

Here are some ideas:

1. Vulnerability scans. Yes, we're all familiar with these, but how often do you scan your network, especially the perimeter? It should be done continuously.

2. Penetration testing. Again, most everyone is familiar with the idea of pentesting and probably cringes thinking of the high cost and disruption to your work whenever the annual pentest rolls around. But that's the old way of doing things. The better way is frequent (at least monthly) less costly pentests mostly focused on your perimeter. For example, we do this every month for our customers and present the findings in our monthly security review. Technology changes too quickly to wait 6 months or a year for the next pentest.

3. Cyber risk monitoring. This is a service provided by companies like BitSight, SecurityScorecard, and others. It's what your insurance company, your customers, and potential customers use to size you up and determine if they want to do business with you. It is all sourced from data that attackers can get and use to find your weaknesses, too.

4. Active Directory attack path monitoring. Do you know how many paths there are from a breached user to domain admin? With new accounts being created, old permissions forgotten about, and paths to admin not understood, your sensitive data and servers are more at risk than you realize. We use a tool called Bloodhound to show you exactly where the paths to admin are so you can lock them down.

5. Test your defenses. Have you ever run real threats against your environment to know if your security tools are working? We like a tool called BlindSpot that does just that. Think about it, you test backups for a reason. Why not test your security tools, too?

Mr. Hawbaker is one of the co-founders of Valenture and an experienced network and security engineer. Joel studied at the University of Illinois’ College of Electrical and Computer Engineering as well as at Columbia College Chicago. He has spent the last 20 years in various IT disciplines and has hands-on experience in some of the world’s largest networks. A Chicagoland native, Joel now lives in Tennessee with his family.

Joel Hawbaker

Mr. Hawbaker is one of the co-founders of Valenture and an experienced network and security engineer. Joel studied at the University of Illinois’ College of Electrical and Computer Engineering as well as at Columbia College Chicago. He has spent the last 20 years in various IT disciplines and has hands-on experience in some of the world’s largest networks. A Chicagoland native, Joel now lives in Tennessee with his family.

Back to Blog

Enroll in Our Email Course

Learn How a No-Nonsense IT Strategy Benefits Your Company:

  • Strategies to allocate your IT budget efficiently

  • Enhance cybersecurity defenses on a budget

  • Ensure your technology investments continue to serve your business as it grows