We're changing our name.
Verodin is now Mandiant Security Validation. Click here to learn more.

Verodin Helps to Enforce Security during Mergers and Acquisitions

Mergers and acquisitions have long been a challenging proposition for security teams. Measuring, managing and improving one security program across people, processes, and technology is tough.

March 16, 2018
Blog Tags


Over the last couple years, Verodin users have been creating an almost limitless number of use cases with the Security Instrumentation Platform (SIP) from Verodin. In addition to general use cases like mitigating environmental drift, instrumenting DLPPalo AltoSplunk, and Snort, as well as measurement and metrics, as well as evidence-based measurement and metrics, one use case is becoming increasingly popular: leveraging Verodin to help enforce security during mergers and acquisitions.

Mergers and acquisitions have long been a challenging proposition for security teams. Measuring, managing and improving one security program across people, processes, and technology is tough enough. But inheriting another security program and measuring its state of effectiveness is downright daunting. Doing it in a seemingly always compressed time-frame, with limited resources while still doing your day job, well that’s simply unforgiving. And, if you’re in an organization that frequently acquires others, these challenges are multiplied. But there’s help.


It all starts with Verodin Actors. Verodin users understand the value of the flexible Verodin Actor architecture that allows Actors to be easily and quickly installed in a variety of self-contained footprints such as virtual machines, ISO images, RPMs, in clouds like Microsoft and Amazon, bootable USBs, dedicated hardware, and so on. Verodin Actors can be installed across various zones including those in organizations tied to your acquisition.

Verodin Actors measure the effectiveness of the security program’s layered defensive controls. Because Verodin Actors only attack other Verodin Actors, the usage is safe and typically expedited, requiring limited to no change management delays for installation and execution. The simplicity, speed, and safety of leveraging the Verodin Actors makes them a perfect fit or installation within the acquired organization’s environment that your organization, may as of yet, still have very limited access.

Once deployed, your Verodin Actors are centrally managed by your Verodin Director. This combination of Director and Actor provides evidence-based metrics to understand the security effectiveness of your acquired organization. Examples of what can be measured include:


This measures preventative controls across network, endpoint, email, and cloud to identify if these controls are stopping malicious activity outbound, inbound and laterally and can validate if controls such as firewalls, IPS, DLP, WAF, endpoint, proxies and many others are working correctly


Beyond assessing if malicious activity is blocked or not, Verodin SIP also measures if malicious activity is detected and reported to a security management console like a firewall manager, endpoint manager or SIEM



This portion of the assessment takes advantage of the Verodin SIP’s ability to not just determine what events have or haven’t made it to the SIEM or similar solution, but also if the events have resulted in a correlated, notable event


Often one of the primary checks when validating an acquired organization is simply determining which networks are allowed to communicate with other networks as well as port, protocol communication limitations


When regulatory mandates are a concern, especially in a case where the organization you are acquiring didn’t have to be compliant with a particular mandate, the Verodin SIP can be used to validate on a per mandate level


Beyond technology, organizations are often asked to validate the people and processes within the acquired organization to measure variables like responsiveness in the face of different attack types

The use of Verodin Actors for validating security controls in the face of malware, beaconing, C2, data exfiltration, phishing, and so on allows you as the acquiring organizations to quickly measure the security effectiveness of the acquired organization. But beyond the Verodin Actors, reporting is an essential capability. Results are shared, easily understood and prioritized. This component is critical because multiple technical and non-technical stakeholders will be interested in the results and understanding empirically what’s working, what’s not, and the roadmap to fix it.


Verodin Reports can be broken up by organization, geography, business units, operational zones, device types, etc. The statistics, scores, and colors that are rendered can be manually adjusted based on risk tolerance. For example, data exfiltration issues in certain laboratory networks are likely less critical than networks that contain sensitive customer data. Rich analytics are provided with one-click drill downs into technical detail and perceptive, remediation steps.

This highly usable reporting format avoids data overload and gets right to the point with quantifiable data predicated on zero false positives. It is easy to understand for a broad audience, including non-technical and non-security professionals, but also contains actionable metrics with a single click for security practitioners. The reports can also be trended over time to show improvements against the mitigation plan. More simply put, you can track the reduction of “stuff in red” and the increase of “stuff in green.” This combination of Verodin SIP capabilities that brings together tactical validation and security effectiveness measurement with strategic, actionable reports results in a very effective solution for mergers and acquisitions. Both security teams and business decision-makers benefit from the ease and speed at which their acquired organizations get measured, issues are understood and communicated, and mitigation always tracked.

To learn more about how Verodin can help your organization from a security perspective with mergers and acquisitions, request a demo.

Return to Blog
Get in touch:

Verodin provides security validation to measure, manage, and improve your overall effectiveness.

Chances are you’re ignoring valuable security data that can be gathered via instrumentation. Future-proof your security posture today.

Request a Demo

Chances are you’re ignoring valuable security data that can be gathered via instrumentation. Future-proof your security posture today.

Connect with an advisor

Get new cybersecurity effectiveness podcasts delivered straight to your inbox.

We will never sell or distribute your information.