Risk Analysis: Managing Risk & Preventing Persistent Attacks

When FireMon announced that it had acquired Saperix Technologies and their patent pending, MIT Lincoln Labs developed, risk analysis technology, many people nodded their heads but didn’t really understand why we were so excited.

While risk analysis on its face sounds like a no brainer for an information security company, not everyone may be familiar with the use cases around this type of technology. Risk analysis is often not about eliminating risk. That is pretty much impossible. Risk analysis is more about managing risk to an acceptable level for your organizational needs.

We wanted to give you three use cases to familiarize you with what can be accomplished with risk analysis. These use cases are general and apply to the broad category of risk analysis. In our next post, we’ll discuss how to calculate risk for an enterprise network so be sure to check back soon.

Here are three scenarios where risk analysis solves mission-critical issues:

1. Measuring Risk: How does one quantify risk? Of course, not all risks are created equal. Some risks represent greater risk (pun intended) than others. So how do we assign a value to risk, quantify it and compare multiple risks, which is essential in prioritizing risk reduction activities?

Risk analysis in general and FireMon’s Risk Analyzer in particular give executives insight into what their risks are, assigns prioritization scores to different risks and shows what remediation and other activities can reduce risk the most. This way, risk managers can decide how to use limited resources to get the “biggest bang for the buck” in reducing and managing risk.

2. Prioritize Vulnerabilities: Unfortunately, today’s networks are “target rich environments” with vulnerabilities often outstripping an organizations ability to cure them. In this type of situation, prioritizing which vulnerabilities to remediate first to reduce and manage risk is essential. While many vulnerability management solutions will assign priorities to vulnerabilities based on criticality of vulnerability and importance of the asset, these can be rather subjective.

A risk analysis solution such as FireMon’s Risk Analyzer goes beyond the subjective and looks at other factors such as network configuration. Adding this additional level of context can drastically change the priority of remediation. Also, by analyzing which particular remediation will solve the greatest number of vulnerabilities again allows an organization to have greater insight and control of managing risk.

3. Preventing Attack Propagation: With blended attacks, advanced persistent attacks, spear phishing and other sophisticated attack techniques, often times the initial target of an attack is not the actual payday target of an attacker. Many times, intruders may first target a less-protected, non-critical asset on the network. However, once establishing the beachhead, the hackers use this “inside” base to then propagate an attack against other assets on the network. Because they are originating inside the network already, they are often invisible to perimeter defenses. Risk analysis can highlight how an attack can propagate through the network. Risk Analyzer can actually show graphical views of how an attack can propagate through a network and what paths it may take. In this case, forewarned is forearmed. Knowing how an attack may propagate, network admins can be on the lookout and thwart these dangerous attacks.

Hopefully this will give you a better idea of how important risk analysis is. Stay tuned for our next post where we’ll discuss how to calculate risk for an enterprise network.