What is a Cyber Resiliency Assessment?
Author: Beth Laws
Release Date: 23/08/2022
A Cyber Resiliency Assessment is one of the free Data Risk Assessments offered by Somerford and Varonis, designed to assess the exposure of an organisation’s data and test your security tools against modern day cyber attacks.
Whether you’re considering if Varonis could be a solution your business needs or already an existing Varonis customer, a Cyber Resiliency Assessment (CRA) is a complementary assessment that is available to you.
You Might Also Like:
Cyber criminals are inventing increasingly clever ways to gain access to and exploit organisation’s data. A CRA will test your threat detection and response capabilities by simulating real world attacks against your businesses on-prem and cloud environments, to determine if your security stack will protect your organisation against breaches and how quickly you can detect, investigate and respond to these. In addition, the Assessment will help to educate your Security and IT teams to prepare for advanced attacks and recognise any warning signs and assist with identifying data areas of concern by pinpointing where any sensitive data lives.
What happens during a Cyber Resiliency Assessment?
During the CRA period, Varonis’s team of forensic experts and indent response analysts use their crafty skills to penetrate your systems. These experts use malicious techniques such as password spraying, kerberoasting and SPN scanning and many other methods to measure your resiliency against potential insider threats, malware and APTs.
Varonis will classify the content of your data throughout the CRA, giving an insight on how much of your data is sensitive, where this is stored and whether any of this sensitive information is unnecessarily over-exposed.
After simulation of the attacks, a report will be generated to feedback how well your security solutions performed and to highlight which attack scenarios went undetected and to highlight strengths, weaknesses and actionable recommendations to improve your security posture. This report will also be provided to you completely free of charge!
The Cyber Resiliency Assessment Timescales
Initially, the Varonis Data Security Platform will be installed in the customers servers and connected to the required data stores which typically is a very quick and easy process, usually only lasting a couple of hours.
As Varonis employs user behaviour analytics and uses artificial intelligence to get to know employee’s normal behaviours, an initial period of around one to two weeks is required to ‘watch’ the environment before the simulation of attacks may commence. After these first couple of weeks, the threat simulation will begin and a member of the Varonis red team will run through a series of well known tactics to try and mimic a real-world malicious attack.
A few weeks after the installation of Varonis, you’ll receive the findings report. Members of the Varonis blue team will work with our customers to review the findings of the report and work with security and IT teams to discuss the activity and response of your existing security stack.
Typically, a Cyber Resiliency Assessment lasts no longer than 30 days.
If you think your organisation could benefit from a Cyber Resiliency Assessment or have any questions, please get in touch with us using the form at the bottom of this page!
Other Types of Risk Assessments
There are multiple other types of Varonis Data Risk Assessments available. To quickly name a few, we have Compliance Assessments, a Cloud Application Risk Assessment, a Ransomware Readiness Assessment and more.
If you would like to find out more information or request a Data Risk Assessment please visit our website at https://www.somerfordassociates.com/varonis-dra-resource-page/ or feel free to read our Data Risk Assessment article at https://www.somerfordassociates.com/blog/what-you-get-with-a-varonis-data-risk-assessment/.
