Tales From the Road: What An Enterprise Risk Assessment Looks Like

Has your corporation been keeping up-to-date on the latest security practices?

An important one to bring into your security repertoire is an enterprise risk assessment.

It’s crucial to regularly conduct enterprise assessments to ensure the effectiveness of your corporation’s security measures. An enterprise risk assessment helps your organization continuously update and measure all security protocols, both externally and internally, to prevent potential attackers from gaining access to sensitive information.

A recent engagement with one of our clients, a large corporation, proved why it is effective to conduct enterprise risk assessments. We performed a penetration test of the organization’s networking environments, both external (internet-facing) and internal.

Our team found that while they had implemented various security measures, some of them could easily be dismantled by a motivated attacker. This discovery highlighted the significance of staying vigilant and regularly assessing and improving security measures.

Uncovering Weaknesses in a Large Corporation

For any large corporation, there is always the looming threat of an attack if bad actors are able to breach the network. The security controls your company already has in place may only go so far in keeping an attacker away from sensitive information.

For our client, the issue was exactly that: they wanted us to measure their level of vulnerability with current security measures.

Our team was assigned to review the corporation’s environment for threats that could affect its overall security posture in a negative way and to provide guidance and strategic support to resolve any identified issues.

We conducted a number of attacks through both the external and internal networks and found that although the external network was protected by strong security controls, the internal network carried a high level of vulnerability.

If You Think You’re Secure… Think Again

Three different rounds of testing were conducted to help our client determine which areas needed the most attention with their security measures put in place.

  1. Internal & external networking environments
  2. Web application testing
  3. Wireless assessments

When conducting our attacks on the external network, we found that there were more strengths in this portion of the assessment than there were weaknesses, placing this company low on the vulnerability scale.

That’s a win, especially for a big company – but it’s never that simple.

What we found during our second round of the enterprise risk assessment on the internal network was that the security protocols were not as strong as we hoped they would be.

The internal asset vulnerability assessment and penetration test was focused on examining internally-accessible systems and devices for patching, system and service configuration, and authentication vulnerabilities.

Gaining access within the internal network was easier than we expected, which is a major risk for the corporation and placed it high on the vulnerability scale.

16 Tips You Need to Know to Protect Your Corporation from Attackers

Vigilance is key, so here are 16 security methods that your corporation should follow or plan to constantly update to protect your organization from attackers.

  1. Minimize External Attack Surface: Limit the number of services and functionalities exposed externally to reduce the attack surface of your organization.
  2. Implement Multi-Factor Authentication (MFA): Enable MFA for external access to applications and services to prevent attackers from leveraging compromised credentials.
  3. Effective Email Security Controls: Implement strong email security measures to block phishing attempts and increase end-user security awareness.
  4. Continuous Wireless Network Monitoring: Regularly assess and secure wireless networks to prevent unauthorized access and data theft.
  5. Address End of Life Software: Ensure all externally-facing hosts and software are up-to-date and supported to prevent potential exploitation.
  6. Web Application Security: Regularly test web applications for vulnerabilities and apply patches and updates promptly to prevent data breaches.
  7. Comprehensive Configuration Management: Implement robust configuration management to address issues and maintain a secure network.
  8. Secure Authentication Protocols: Use secure protocols and enforce MFA for all external access to mitigate risks.
  9. Administrative Account Controls: Implement separate accounts for privileged and non-privileged use, so that the compromise of an everyday account does not directly expose administrative access.
  10. Regular Patch Management: Maintain up-to-date Microsoft Windows patches to prevent exploitation of known vulnerabilities.
  11. Implement Pass-the-Hash Mitigation: Deploy solutions like Microsoft Local Administrator Password Solution (LAPS) to prevent lateral movement throughout the network using shared local administrator credentials.
  12. Audit and Harden AD CS Templates: Regularly audit and harden Active Directory Certificate Services (AD CS) templates to prevent privilege escalation.
  13. Strong Security Monitoring and Alerting: Implement robust security monitoring and alerting tools to detect and respond to potential threats promptly.
  14. Enforce Strong Password Policies: Require longer and more complex passwords to enhance security against brute force attacks.
  15. Proper System Hardening: Ensure all systems and devices undergo proper system hardening to reduce potential vulnerabilities.
  16. Avoid Insecure Protocols: Disable insecure protocols and support only secure ones to protect sensitive data from being intercepted.

Uncovering Vulnerabilities – and Closing Them Up

Attackers in most cases won’t stop until they succeed. Any roadblocks that make it more difficult for an attacker to get through the external network may slow them down, but rarely will it deter them…at least not for long.

Our findings here illustrate the importance of implementing a lot of different security measures that all work together to add layers of security – not just slowing bad actors down, but stopping them in their tracks.

During the vulnerability assessment, we found numerous vulnerabilities that could potentially give a bad actor a way into the internal network. It was essential to test this out further, so we conducted an internal penetration test to see just how much damage they could do once they got in.

One major discovery was a critical issue with a vulnerable Active Directory Certificate Services (AD CS) certificate template. We noticed two misconfigurations in the organization’s AD CS infrastructure, which could let an unprivileged user escalate privileges within the domain.

And guess what? We were able to successfully exploit both of these misconfigurations during our internal penetration test.

While there has been little research done around AD CS template vulnerabilities, DirectDefense has been well-versed in the AD CS infrastructure and its potential abuses for some time.
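The template audit recommended in tip 12 above, and the kind of AD CS template misconfiguration described in this section, come down to a small number of template attributes that are dangerous in combination: a broad group may enroll, the requester is allowed to supply the certificate subject, the certificate is usable for domain logon, and no approval gate (CA manager approval or a required co-signature) stands in the way. The following is an added example, not DirectDefense’s code or the specific findings from this engagement. It runs an offline audit over constructed template records that mirror the LDAP attributes of template objects under `CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,...`; the `enabled` and `enrollers` fields are assumed to have been derived beforehand from the CA’s published-template list and from each template’s security descriptor, which a live audit would have to collect itself.

```python
"""Offline audit of AD CS certificate template attributes for the
combination of settings that lets a low-privileged enroller obtain an
authentication certificate for a subject of their own choosing.

Added example, not DirectDefense's code. Template records are CONSTRUCTED
to mirror the LDAP attributes of objects under
CN=Certificate Templates,CN=Public Key Services,CN=Services,CN=Configuration,...
"enabled" and "enrollers" are ASSUMED to have been pre-derived from the CA's
published-template list and the template's security descriptor.
"""

# msPKI-Certificate-Name-Flag bit: the requester supplies the subject name.
CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT = 0x00000001
# msPKI-Enrollment-Flag bit: every request waits for CA manager approval.
CT_FLAG_PEND_ALL_REQUESTS = 0x00000002

# Extended key usages that make a certificate usable for domain logon.
AUTH_EKUS = {
    "1.3.6.1.5.5.7.3.2",       # Client Authentication
    "1.3.6.1.5.2.3.4",         # PKINIT Client Authentication
    "1.3.6.1.4.1.311.20.2.2",  # Smart Card Logon
    "2.5.29.37.0",             # Any Purpose
}
ANY_PURPOSE = "2.5.29.37.0"

# Principals whose enrollment rights amount to "almost everyone in the domain".
BROAD_PRINCIPALS = {"Domain Users", "Domain Computers", "Authenticated Users", "Everyone"}


def allows_authentication(ekus):
    """An empty EKU list means 'valid for any purpose', which includes logon."""
    return not ekus or bool(set(ekus) & AUTH_EKUS)


def audit_template(t):
    """Return a list of (severity, reason) findings for one template record."""
    findings = []
    if not t.get("enabled", False):
        return findings  # not published on any CA, so nobody can request it
    name_flag = t.get("msPKI-Certificate-Name-Flag", 0)
    enroll_flag = t.get("msPKI-Enrollment-Flag", 0)
    ra_signatures = t.get("msPKI-RA-Signature", 0)
    ekus = t.get("pKIExtendedKeyUsage", [])
    broad_enroll = bool(set(t.get("enrollers", [])) & BROAD_PRINCIPALS)
    # Manager approval or a required co-signature both act as an approval gate.
    gated = bool(enroll_flag & CT_FLAG_PEND_ALL_REQUESTS) or ra_signatures > 0
    enrollee_subject = bool(name_flag & CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT)

    if broad_enroll and not gated and enrollee_subject and allows_authentication(ekus):
        findings.append(("HIGH", "requester-chosen subject on an authentication-capable "
                                 "template with no approval gate"))
    if broad_enroll and not gated and (not ekus or ANY_PURPOSE in ekus):
        findings.append(("MEDIUM", "any-purpose template enrollable by a broad group"))
    return findings


def audit(templates):
    """Map template name -> findings, listing only templates that have any."""
    results = {}
    for t in templates:
        findings = audit_template(t)
        if findings:
            results[t["name"]] = findings
    return results


# Constructed sample records (not from any real environment).
SAMPLE_TEMPLATES = [
    {"name": "User", "enabled": True, "msPKI-Certificate-Name-Flag": 0,  # subject built from AD
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2", "1.3.6.1.5.5.7.3.4"],
     "enrollers": ["Domain Users"]},
    {"name": "VPN-Access", "enabled": True, "msPKI-Certificate-Name-Flag": 1,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"], "enrollers": ["Domain Users"]},
    {"name": "Pending-Example", "enabled": True, "msPKI-Certificate-Name-Flag": 1,
     "msPKI-Enrollment-Flag": 2, "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"],
     "enrollers": ["Domain Users"]},
    {"name": "Admin-Only", "enabled": True, "msPKI-Certificate-Name-Flag": 1,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"], "enrollers": ["Domain Admins"]},
    {"name": "WebServer-Custom", "enabled": True, "msPKI-Certificate-Name-Flag": 1,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.1"], "enrollers": ["Domain Computers"]},
    {"name": "Legacy-AnyPurpose", "enabled": True, "msPKI-Certificate-Name-Flag": 0,
     "pKIExtendedKeyUsage": [], "enrollers": ["Authenticated Users"]},
    {"name": "Unpublished", "enabled": False, "msPKI-Certificate-Name-Flag": 1,
     "pKIExtendedKeyUsage": ["1.3.6.1.5.5.7.3.2"], "enrollers": ["Everyone"]},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_TEMPLATES).items():
        for severity, reason in findings:
            print(f"{severity:6} {name}: {reason}")
```

Each finding has a direct remediation: clear the enrollee-supplies-subject flag so the subject is built from the requester’s AD object, enable manager approval or require an authorized signature, narrow the enrollment permissions to the group that actually needs the certificate, or unpublish the template from the CA. Re-running the audit after the change confirms the finding is gone, which is the “regularly audit” half of tip 12.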

Strengthening Security from the Inside Out

When it comes to security, it’s not enough to only have a strong external perimeter if your internal network has weaknesses. There needs to be a balance between both internal and external security measures. Conducting regular security assessments can help you spot vulnerabilities and figure out what needs fixing first. Every company should conduct both internal and external assessments to ensure a more comprehensive approach to network security.

To protect your corporation from malicious attackers and do more than just slow them down, contact us today or call us at 1 888 720 4633.
