THERE IS HELP
Over the last couple of years, Verodin users have been creating an almost limitless number of use cases with the Security Instrumentation Platform (SIP) from Verodin. In addition to general use cases like mitigating environmental drift, instrumenting DLP, Palo Alto, Splunk, and Snort, as well as evidence-based measurement and metrics, one use case is becoming increasingly popular: leveraging Verodin to help enforce security during mergers and acquisitions.
Mergers and acquisitions have long been a challenging proposition for security teams. Measuring, managing and improving one security program across people, processes, and technology is tough enough. But inheriting another security program and measuring its state of effectiveness is downright daunting. Doing it in a seemingly always compressed time-frame, with limited resources, while still doing your day job, well, that’s simply unforgiving. And if you’re in an organization that frequently acquires others, these challenges are multiplied. But there’s help.
It all starts with Verodin Actors. Verodin users understand the value of the flexible Verodin Actor architecture that allows Actors to be easily and quickly installed in a variety of self-contained footprints such as virtual machines, ISO images, RPMs, in clouds like Microsoft and Amazon, bootable USBs, dedicated hardware, and so on. Verodin Actors can be installed across various zones including those in organizations tied to your acquisition.
Verodin Actors measure the effectiveness of the security program’s layered defensive controls. Because Verodin Actors only attack other Verodin Actors, the usage is safe and typically expedited, requiring limited to no change management delays for installation and execution. The simplicity, speed, and safety of leveraging the Verodin Actors make them a perfect fit for installation within the acquired organization’s environment, to which your organization may as yet have very limited access.
Once deployed, your Verodin Actors are centrally managed by your Verodin Director. This combination of Director and Actor provides evidence-based metrics to understand the security effectiveness of your acquired organization. Examples of what can be measured include:
PREVENTATIVE CONTROL VALIDATION
This measures preventative controls across network, endpoint, email, and cloud to identify whether these controls are stopping malicious activity outbound, inbound and laterally. It can validate whether controls such as firewalls, IPS, DLP, WAF, endpoint, proxies and many others are working correctly.
MANAGEMENT STACK VALIDATION
Beyond assessing whether malicious activity is blocked, Verodin SIP also measures whether malicious activity is detected and reported to a security management console like a firewall manager, endpoint manager or SIEM.
CORRELATION AND ALERTING VALIDATION
This portion of the assessment takes advantage of the Verodin SIP’s ability to determine not just which events have or haven’t made it to the SIEM or similar solution, but also whether the events have resulted in a correlated, notable event.
Often one of the primary checks when validating an acquired organization is simply determining which networks are allowed to communicate with other networks, as well as port and protocol communication limitations.
REGULATORY MANDATE VALIDATION
When regulatory mandates are a concern, especially in a case where the organization you are acquiring didn’t have to be compliant with a particular mandate, the Verodin SIP can be used to validate on a per-mandate level.
PEOPLE AND PROCESS VALIDATION
Beyond technology, organizations are often asked to validate the people and processes within the acquired organization to measure variables like responsiveness in the face of different attack types.
The use of Verodin Actors for validating security controls in the face of malware, beaconing, C2, data exfiltration, phishing, and so on allows you as the acquiring organization to quickly measure the security effectiveness of the acquired organization. But beyond the Verodin Actors, reporting is an essential capability. Results are shared, easily understood and prioritized. This component is critical because multiple technical and non-technical stakeholders will be interested in the results and in understanding empirically what’s working, what’s not, and the roadmap to fix it.
Verodin Reports can be broken up by organization, geography, business units, operational zones, device types, etc. The statistics, scores, and colors that are rendered can be manually adjusted based on risk tolerance. For example, data exfiltration issues in certain laboratory networks are likely less critical than in networks that contain sensitive customer data. Rich analytics are provided with one-click drill-downs into technical detail and perceptive remediation steps.
This highly usable reporting format avoids data overload and gets right to the point with quantifiable data predicated on zero false positives. It is easy to understand for a broad audience, including non-technical and non-security professionals, but also contains actionable metrics with a single click for security practitioners. The reports can also be trended over time to show improvements against the mitigation plan. More simply put, you can track the reduction of “stuff in red” and the increase of “stuff in green.” This combination of Verodin SIP capabilities, which brings together tactical validation and security effectiveness measurement with strategic, actionable reports, results in a very effective solution for mergers and acquisitions. Both security teams and business decision-makers benefit from the ease and speed with which their acquired organizations get measured, issues are understood and communicated, and mitigation is always tracked.
To learn more about how Verodin can help your organization from a security perspective with mergers and acquisitions, request a demo.