We Provide Actionable Results! Why Does That Matter?

One of our core tenets at Triaxiom Security is to provide you with holistic, quantifiable, and actionable results so you can make data-driven decisions to protect your organization. That sounds great and all, but what are actionable results, and why do they matter? In this blog, we will explore what we mean by actionable results and provide you with a common example.

What are Actionable Results?

Actionable results simply means we aren’t going to leave you with a long list of vulnerabilities and walk away, leaving you high and dry to try and figure out how to fix them on your own. Rather, we are going to provide you with specific steps that we recommend to fix the issues we uncover. These steps will be customized to your environment and what we know of your business objectives. Whats more, we pride ourselves on partnering with our clients and maintaining a long-lasting relationship with each of them. That means that our recommendations are usually based on what has worked for our other clients. Additionally, by partnering with you, we really mean it when we tell you that you can reach out to us at any point with questions. Our main goal is to improve your security, so we are excited to work with you to fix it. Finally, we will provide you with applicable reference links that we find helpful to consider when remediating the vulnerability.

Example of Actionable Results

Let’s put this to an example. Let’s say that we perform a penetration test and find a Windows 2003 Server on your network. Windows Server 2003 is no longer supported by Microsoft. This means that security patches are no longer being provided, and the longer it remains unsupported, the more vulnerabilities that will be discovered and not patched. Further, because it is no longer supported, Microsoft is less likely to research and disclose vulnerabilities in the operating system. Long story short, unsupported operating systems are a problem for security.

The obvious solution to this is to disable this system and migrate to a supported operating system. Sure, but what if this is that one system in your accounting department that is connected to the dot-matrix printer, and it’s the only way your payroll is getting completed on time. Well we will take that into account and provide recommendations for that, too. For this situation, maybe our customized remediation would be:

  • If possible, disable this system and upgrade to a supported operating system.
  • If this is not possible, consider the following options:
    • Segment this system from other systems on your network, as it has a higher likelihood of being compromised.
    • Restrict traffic to and from this device to the fewest number of systems required.
    • Implement an Intrusion Detection System or Intrusion Prevention System (IDS/IPS) to monitor and prevent attacks on the network segment this host resides on.

References:

https://www.us-cert.gov/ncas/alerts/TA14-310A

https://blogs.technet.microsoft.com/canitpro/2014/04/01/step-by-step-active-directory-migration-from-windows-server-2003-to-windows-server-2012-r2/

https://www.cvedetails.com/vulnerability-list/vendor_id-26/product_id-7108/Microsoft-Windows-Server-2003.html