Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Trustwave SpiderLabs Uncovers Ov3r_Stealer Malware Spread via Phishing and Facebook Advertising. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Trustwave Security Colony Vendor Assessment: Know Your Vulnerabilities Before Others Do

This is the second installment in Trustwave’s in-depth tour of our Security Colony platform. For a broad overview of what Security Colony offers please read 5 Ways CISOs Can Leverage the Power of Trustwave Security Colony.

Self-evaluation in any area, much less cybersecurity, can be challenging. Is my performance at work strong and consistent? Am I being friendly to my neighbors? And as Billy Joel so wisely pointed out, sometimes an outside opinion is needed because "Can't you tell that your tie's too wide?"

To remedy this situation on the cybersecurity, if not fashion, front Trustwave Security Colony features a Vendor Risk Assessment tool that allows an organization to hold a mirror up to its online self so it can see how its online presence appears to others, especially threat actors.

Trustwave offers several levels of service with the Vendor Risk Assessment tool. The first is free, like a great deal of content provided by Security Colony. It allows an organization to run a scan on its domains. 

The second level is for Security Colony subscribers. It has the added functionality of scanning a preset number of the client's vendors' domains and allows for additional vendor slots to be purchased. There are three packages available. Startup provides for the registered domain (so one) to be checked. Core starts with 10 domains, and with Enterprise, this is bumped up to 100 domains. If needed, additional slots are available for purchase.

How the Vendor Assessment Tool Works

Scanning is, in fact, a bit of a colloquialism; Security Colony does not really "scan" anything. Instead, what happens is we monitor and report on publicly available information that is published by a client through their website and from its third parties. 

To do this, we use a variety of sources such as Breachsense, Pastebin, GHOSTBIN, Shodan, server fingerprinting using JARM, plus other tests that we have developed ourselves to collect information published on the website we are reviewing.

This process entails assessing security misconfigurations and vulnerabilities related to server configuration, including:

  • Whether an organization has a strong process for correctly configuring all their encryption (SSL/TLS) certificates
  • Whether an organization has insecure (ie. unencrypted) ports open to the Internet
  • DNS server configuration.

There is also an email component with our tool checking for security misconfigurations and vulnerabilities related to email system configuration, including:

  • Whether an organization uses strong email security technology (SPF and DMARC)
  • Whether employees of an organization have used their corporate email addresses on external accounts, and whether they have then been the subject of a data breach.

The last aspect has us evaluating security misconfigurations and vulnerabilities related to critical web applications.

Unlike other security checks such as pen-testing, Security Colony Vendor Assessment does not require access to an organization's system. Instead, we can gather all we need from publicly available sources.

The Vendor Assessment Process

Trustwave realizes that this is a self-assessment tool, so we built the feature to make it as simple as possible for even a novice to get started. Essentially, when entering a domain to review, you enter the primary domain, an email domain, if different, and an application domain.

18597_picture1cd

Entering a domain simply requires filling in these two slots.

Once the tool completes its assessment a report is generated along with a corresponding list of recommendations.

18599_picture2dd

A generic example of a typical report generated using the Vendor Assessment tool.

For example, the tool conducts a check for sensitive ports. This check determines whether your Primary Domain exposes any potentially sensitive services such as administrative interfaces or database endpoints. If a problem is found, it is highlighted in the report with the following recommendation:

“If this check is marked as ‘RISK’ and this is your domain, we recommend that you review whether there is need to expose these interfaces to the Internet and shut them down where possible.”

The Vendor Assessment tools uses the same process for all the assessed areas, such as certificate status, SSL/TLS Vulnerabilities, etc.

If the recommended actions are beyond the user’s ability, Trustwave can step in and help. A client can make the request via email and Trustwave will respond within 24 hours.

Once the client creates an assessment in the system, it generates a monthly report and sends it to the client. 

The Security Colony Vendor Assessment Credo

Security Colony is built on the concept that the best tools to share with others are those that are trusted, battle-tested, and ready to be used rather than starting from scratch each time. This thought process not only enables those in need of a cybersecurity consult or help obtain that information quickly and in a cost-effective manner.

18598_picture3dd

 

Latest Trustwave Blogs

Defending Healthcare Databases: Strategies to Safeguard Critical Information

The healthcare sector continues to be a primary target for threat actors, with 2023 seeing a record number of data breaches and compromised records. While successful attacks are inevitable, it’s...

Read More

Trustwave SpiderLabs: Ransomware Gangs Dominate 2024 Education Threat Landscape

The security teams manning the defenses at the higher education and primary school system levels often find themselves being tested by threat actors taking advantage of the sector's inherent cyber...

Read More

LockBit Takedown: Law Enforcement Disrupts Operations, but Ransomware Threats Likely to Persist

The news that US, UK, and other international law enforcement agencies disrupted LockBit is welcome, as stopping any threat group activity is always a positive. The unfortunate aspect is this blow...

Read More