We have been providing assessment services for a while and gained experience in the process, mainly in terms of what people really need and can make use of. One of the greatest challenges is to be able to deliver a solution that meets our customer’s needs in terms of an assessment. It is like the Goldilocks problem of trying to find something just right.
We’ve created our own integrated combination of best-of-breed hardware for data collection, coupled with our own software, which enables us to better peruse all the data and then, with human review and research, try to find what’s relevant.
Another challenge with existing tools is that they seem to spew a lot of information, but it isn’t really from an IT or business perspective. All the tools just spew lots of reports and charts, but what did they really tell you? When I think about assessments, as an IT person, I’m concerned with:
What are the real observed threats (malware, viruses, spyware, phone home, etc.), and in what direction is this occurring? Is it server to client, and what about client to server? I don’t need to look at all the noise; I want to home in on what has a high enough severity and bypassed existing controls. Knowing IP addresses or names is nice, but I’m more interested in what users were affected.
I need to understand how the users are consuming business resources and how casual or personal use may be conflicting with real business services that your customers may be trying to access. I’d then like to either eliminate the distractions or at least be able to identify and prioritize them accordingly to make sure there are minimal or no conflicts with key business services.
I want to make sure that key information assets are not leaving our digital confines. This doesn’t just mean email, but a whole lot of different applications that can be used to violate our systems. Whether it’s for compliance or business concerns, we need to know what can be used to harm and bypass our controls. I need to understand not just what device, but what user account was used. That also includes being more aware of encryption and how it might be used to elude our visibility.
So, that’s how we look at assessments now, at least one of our main offerings. We collect data from one or more points in the network, though typically at a gateway location. We analyze the data with our tools and personal knowledge and then we report on the observations and make recommendations on how to mitigate the risk.
Please drop me a personal note or call, and let’s see when we can schedule this for you. It is priced very aggressively compared to other offerings and yields more actionable information versus fluff and reams of reports.