
The Beginner’s Guide to Security Assessments

Posted by Donald Lupejkis on Jan 12, 2018, 12:00:00 PM


There are two approaches to cybersecurity: proactive and reactive. Security assessments are a great discovery tool for prospects, but they are also effective for ensuring proactive monitoring for any future network vulnerabilities. An assessment starts a dialogue that you, the security expert, can control. The term “security assessment” is very broad though – there are several types of assessments with varying purposes. Where do you start?

Let’s start with the different types of assessments. Some are vendor specific, like the Cisco dCloud (POV), and others are vendor agnostic. The purpose of an assessment is to gain meaningful insight into the current environment to understand what controls are in place and ultimately highlight areas in need of improvement. At Tech Data, we typically talk about the following:

Security Posture Assessment: Industry agnostic, this assessment ranks security maturity, identifies gaps in security capabilities and positions high-value solutions. Often provided as a complimentary assessment, this is a great tool to use with prospective clients. It allows you to understand their current security posture and identify areas to address immediately, and provides an action plan for you and your customers to follow to tighten their security by deploying additional security technologies and solutions.

Vulnerability Assessment: This complimentary assessment is delivered virtually and helps identify external IP weaknesses on a small scale. Tech Data also offers fee-based vulnerability and penetration insights, which offer a more extensive engagement. To learn more about vulnerability assessments and pen testing, check out this article: Vulnerability Assessments vs. Penetrating Testing. Is there really a difference?

Other assessments can be vertical specific, including health and life sciences assessments and the retail posture assessment. These tools, designed for industry-specific businesses, show how the business is ranked in terms of security maturity and identify gaps in current security capabilities.

There are some assessments you may offer complimentary to clients or prospects, while others are fee-based, or even fee-based with a chance of reimbursement if a specific outcome is achieved. It is often recommended to analyze free/for fee status based on time and resource commitment, and the overall return on investment for that activity. Many assessments are delivered virtually, but some require on-site presence. These assessments have the potential to uncover multiple security solutions, including endpoint, data/application, perimeter, SIEM and more.

Adding Assessments to Your Go-To-Market Strategy

Above are just a few ways to start incorporating assessments into your business offering. An easy entry point is when working with a prospective client. This is a great way to begin the conversation and progress your prospect through the sales cycle. Check out this article for best practices on a successful audit: From Prospect to Client: 5 Tips for a Successful Security Audit.

Another proactive idea is to include assessments in your package offering. If you’re providing managed services to a client, perhaps include a free vulnerability assessment every three to six months. You may also offer additional assessments at a discounted rate for clients paying for the “better” or “best” service offering.

If you conduct quarterly business reviews with clients as part of a proactive IT approach, you can run a security posture assessment before your meeting to ensure all areas are in good standing based on the current cyber environment. New threats emerge daily and being vigilant is important. If something is discovered, this is a great opportunity to raise it with stakeholders and address it immediately.

A note of caution: your client and/or the security network administrator may be resistant or become defensive based on assessment results. After all, it’s their responsibility to ensure the network is free of vulnerabilities. Approach these conversations delicately to reassure your client that these are preventative measures and aren’t intended to point a finger. Be overly communicative in stating your intention for assessments and focus on the facts. There are plenty of breaches and new threats emerging daily to help support your efforts.

Execution

Assessments are helpful, but without skilled employees to execute and interpret their findings, there remains a challenge. If you’re looking to perform these in-house, hiring or training within your team is certainly an option. If you’re on an accelerated timeline, Tech Data is ready to work with you to help extend your security organization.

From security posture assessments to white-labeled managed security offerings, Tech Data can help you build a security practice. Connect with a Tech Data security expert today to get started with a complimentary security posture assessment for your next client at securityservices@techdata.com.

Tags: Security, Security Assessment
