
Assessment Evolution

5 automated security scanners


Purpose: The Testing Methodology Innovation Scanner identifies and highlights novel assessment approaches, unconventional testing methods, alternative validation techniques, policy updates that reflect new security trends and technologies, security-focused manual code reviews, and other innovative practices an organization may be adopting. It helps detect emerging security frameworks, cutting-edge threat modeling techniques, advanced analytics, custom-built tools, social engineering tactics, behavioral analytics, real-time threat intelligence, blockchain-based data integrity verification, compliance with emerging standards or certifications, and collaborative security assessments.

What It Detects:

  • Novel Assessment Approaches: Identify mentions of emerging security frameworks or methodologies not commonly adopted, references to cutting-edge threat modeling techniques, and use of advanced analytics and machine learning in security assessments.
  • Unconventional Testing Methods: Look for descriptions of unique penetration testing strategies, custom-built tools or scripts used for security evaluations, and mentions of social engineering tactics beyond standard phishing simulations.
  • Alternative Validation Techniques: Recognize use of behavioral analytics and anomaly detection systems, continuous monitoring and real-time threat intelligence feeds, and adoption of blockchain-based solutions for data integrity verification.
  • Policy Review Indicators: Detect mentions of security policies that incorporate innovative practices, compliance with emerging standards or certifications, and policy updates reflecting new security trends and technologies.
  • Manual Evaluation Practices: Recognize descriptions of manual code reviews focusing on security aspects, detailed walkthroughs of security configurations and settings, and peer reviews and collaborative security assessments.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com) - This is necessary for searching the company’s site for security documentation and policies.
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”) - Used to search specific statements related to the company in question.

Business Impact: The adoption of innovative security practices can significantly enhance an organization’s security posture by staying ahead of emerging threats and leveraging cutting-edge technologies. This proactive approach is crucial for maintaining a robust defense mechanism against sophisticated cyber threats, ensuring both data integrity and regulatory compliance.

Risk Levels:

  • Critical: Conditions that could lead to severe consequences such as significant data breaches or non-compliance with critical security standards.
  • High: Conditions that pose high risk but are not as severe as critical, potentially leading to substantial disruptions or significant financial losses.
  • Medium: Conditions that may require attention and improvement but do not immediately threaten the core operations or objectives.
  • Low: Informal findings that provide general insights into security practices without immediate concern.
  • Info: General information about current security practices, which does not necessarily indicate a risk level.

If specific risk levels are not detailed in the README, these inferred levels can guide assessments of potential severity based on the scanner’s purpose and impact.

Example Findings:

  1. “The company has adopted an emerging security framework that is not commonly used in the industry.”
  2. “Custom-built tools are utilized for penetration testing, indicating a unique approach to vulnerability assessment.”

Purpose: The Adversarial Thinking Development Scanner identifies and assesses the presence of an attacker mindset within an organization by examining its security documentation, policies, and public statements. It helps detect whether an organization focuses on exploiting vulnerabilities rather than defending against them, which is important for understanding its overall security posture and strategy.

What It Detects:

  • Security Policy Indicators: The scanner identifies the presence or absence of key security policy documents such as “security policy,” “incident response,” “data protection,” and “access control.”
  • Maturity Indicators: It checks for compliance certifications and maturity models like SOC 2, ISO 27001, penetration testing, and vulnerability scanning.
  • Offensive Perspective Integration: The scanner detects language or references that suggest an offensive mindset, such as frequent mentions of “penetration test,” “exploit,” or “vulnerability assessment.”
  • Exploit-Focused Analysis: It identifies patterns indicating a focus on exploiting vulnerabilities rather than mitigating them, such as detailed descriptions of exploits without corresponding mitigation strategies.
  • Public Policy Pages and Trust Center Information: The scanner analyzes public policy pages and trust center information for signs of adversarial thinking or offensive perspectives that may indicate a shift towards exploitation.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com) - This is the main website address used for scanning security policies and related documents across different paths specified in the test_paths list.
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”) - This parameter helps in identifying relevant statements or documents within the company’s public information sources, such as policy pages or trust center sections.

Business Impact: Identifying organizations with an attacker mindset is crucial for enhancing security strategies and policies to better defend against potential threats. It can help prevent organizations from focusing solely on exploiting vulnerabilities and encourages a balanced approach that includes both defense and proactive measures.

Risk Levels:

  • Critical: This risk level would be triggered by the presence of detailed descriptions of exploits without any mention or strategy for mitigating such risks, indicating a significant focus on exploitation over security improvement.
  • High: High severity findings include missing key security policy documents that are essential for understanding and managing cybersecurity risks within an organization.
  • Medium: Medium severity findings include compliance with less stringent standards, such as penetration testing results reported without detailed mitigation strategies, or the absence of critical security policies that could allow vulnerabilities to be exploited unchecked.
  • Low: Low severity findings might include the presence of outdated information in public policy pages, which while not critical, should be updated for accuracy and relevance.
  • Info: Informational findings pertain to the existence of maturity models like SOC 2 or ISO 27001 without detailed analysis or reporting on their implications for security practices.

If specific risk levels are not defined in the README, they can be inferred based on the severity and impact of each detection point.

Example Findings: The scanner might flag a company that has extensive documentation on penetration tests but lacks any strategy to address the vulnerabilities identified during these tests, or an organization with no documented security policy at all. These findings highlight potential gaps in both defensive strategies and proactive risk management within the organization.


Purpose: The Adversary Emulation Fidelity Scanner assesses the authenticity of the Tactics, Techniques, and Procedures (TTPs) used in security assessments by checking whether simulated adversary behavior realistically replicates that of real-world actors. It aims to ensure that simulated attacks accurately reflect real-world threats, thereby improving the effectiveness of defensive strategies.

What It Detects:

  • Policy Indicators Verification: The scanner checks for the presence of key security policies such as “security policy,” “incident response,” “data protection,” and “access control” in company documentation to ensure they are publicly accessible and detailed enough to demonstrate a commitment to cybersecurity.
  • Maturity Indicator Assessment: It identifies compliance certifications like SOC 2, ISO 27001, penetration testing, and vulnerability scanning in the company’s public information to verify that these certifications are mentioned and provide evidence of security maturity.
  • Realistic TTP Simulation: The scanner analyzes the technical details provided in simulated attack scenarios to ensure they match known adversary behaviors and detects inconsistencies between claimed TTPs and actual capabilities demonstrated in assessments.
  • Actor Behavior Replication: It evaluates whether the simulated adversary actions align with documented real-world actor behavior patterns, including nation-state actors, Advanced Persistent Threat (APT) groups, and other threat actors’ methods.
  • Documentation Consistency: The scanner ensures that all aspects of the simulation are well-documented and consistent with industry standards, verifying that any claims made about the simulation’s fidelity are supported by detailed documentation.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com). This input is essential for searching company sites to collect security-related pages.
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”). This helps in identifying relevant policies and documentation during the scanning process.

Business Impact: Evaluating the authenticity of TTPs used in security assessments is crucial as it directly impacts the effectiveness of defensive strategies against real-world threats. Ensuring that simulated attacks accurately reflect real-world adversaries enhances the ability to anticipate, detect, and respond effectively to potential cyber threats.

Risk Levels:

  • Critical: The scanner identifies significant vulnerabilities or gaps in security policies and practices that could lead to severe breaches or data loss.
  • High: The scanner detects substantial weaknesses in security measures that might be exploited by adversaries with moderate skill levels, leading to significant disruptions or data exposure.
  • Medium: The scanner flags potential issues requiring attention but may not pose an immediate risk if properly mitigated.
  • Low: The scanner identifies minor deviations from best practices that are unlikely to be exploited by adversaries and can generally be addressed through ongoing improvements in security protocols.
  • Info: The scanner provides informational findings about the current state of cybersecurity measures, which could guide future strategic decisions for enhancing overall security posture.

Example Findings:

  1. A company claims compliance with ISO 27001 but does not mention any specific certifications or standards in their public documentation.
  2. The simulated attack scenarios provided during a penetration test do not align with the documented TTPs, indicating potential discrepancies between claimed capabilities and actual demonstrated behavior.

Purpose: The Assumed Compromise Operation Scanner assesses and detects indicators of post-breach detection capability, persistent adversary simulation, and dwell time reduction testing by analyzing a company’s security documentation, public policy pages, trust center information, and compliance certifications.

What It Detects:

  • Security Policy Indicators:
    • Identifies the presence of comprehensive security policies that cover incident response plans, data protection measures, and robust access control mechanisms.
    • Checks for SOC 2 compliance status to confirm adherence to specific standards related to trust services principles.
    • Validates ISO 27001 certification to ensure a high level of information security management systems are in place.
  • Maturity Indicators:
    • Evaluates penetration testing activities and vulnerability scanning and assessment practices to gauge the organization’s resilience against cyber threats.
  • Public Policy Pages Analysis:
    • Scans for security-related keywords on public policy pages, including mentions of incident response procedures and descriptions of data protection policies.
  • Trust Center Information Review:
    • Examines trust center information for detailed incident response processes, validates data protection and privacy practices, and ensures access control mechanisms are transparently communicated.
  • Compliance Certifications Verification:
    • Verifies the presence of SOC 2 compliance certifications to ensure adherence to specific standards related to security, availability, processing integrity, confidentiality, and privacy.
    • Confirms ISO 27001 certification status to demonstrate a commitment to high standards in information security management systems.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)

Business Impact: This scanner is crucial as it helps in understanding the organization’s preparedness against potential cyber threats, ensuring that critical security policies and practices are in place to protect sensitive information and maintain operational resilience.

Risk Levels:

  • Critical: The presence of incomplete or non-existent security policies, lack of detailed incident response processes, and absence of robust access control mechanisms can lead to severe consequences including significant data breaches and potential loss of trust from stakeholders.
  • High: Inadequate data protection measures and insufficient penetration testing create a high-risk scenario in which unauthorized access to, or theft of, sensitive information is possible.
  • Medium: Partial compliance with security practices, such as missing incident response plans or incomplete vulnerability assessments, can lead to medium-level risks associated with potential disruptions and moderate financial losses.
  • Low: Informational findings like minor discrepancies in public disclosures might not pose significant risk but should be addressed for continuous improvement of the organization’s cybersecurity posture.
  • Info: These are less critical findings that provide general insights into compliance status without immediate security implications.

Example Findings:

  • A company does not have a clearly defined incident response plan documented in its public trust center, which could lead to delayed or ineffective responses during cyber incidents.
  • The absence of SOC 2 Type I certification despite significant data processing activities indicates potential gaps in demonstrating adequate security practices for handling sensitive information.

Purpose: The Audit vs. Reality Gap Analysis Scanner bridges the gap between a company’s public statements and its internal security practices by identifying discrepancies between stated policies and actual practices. It aims to show how well a company adheres to the security protocols it claims to follow, compared with how those protocols are actually implemented.

What It Detects:

  • Security Policy Indicators: Identifies mentions of “security policy” across public documents, including discussions on incident response and data protection measures.
  • Maturity Indicators: Detects claims of SOC 2 compliance, ISO 27001 certification, penetration test activities, and vulnerability assessments or scans.
  • Policy Consistency: Compares publicly available statements with internal security documentation to assess the alignment between stated policies and actual practices.
  • Public vs Internal Documentation: Analyzes discrepancies between information disclosed on public policy pages and details found in internal documents.
  • Trust Center Information: Reviews trust center content for consistency with security policies, ensuring transparency in reporting security incidents and compliance status.

Inputs Required:

  • domain (string): The primary domain of the company to analyze, e.g., “acme.com”.
  • company_name (string): The name of the company, used for searching relevant statements, e.g., “Acme Corporation”.

Business Impact: This scanner is crucial as it helps in assessing and enhancing an organization’s cybersecurity posture by identifying gaps between policy claims and actual practices. These findings can guide strategic decisions on improving security measures, compliance certifications, and public trust.

Risk Levels:

  • Critical: Findings that directly impact critical infrastructure or highly sensitive data protection where immediate action is required.
  • High: Issues that significantly affect the core business operations or have a high potential to lead to severe consequences if not addressed.
  • Medium: Problems that are significant but do not pose an immediate threat, requiring planned remediation efforts within a reasonable timeframe.
  • Low: Minor issues that can be addressed during routine maintenance or as part of ongoing improvement initiatives.
  • Info: Informational findings that provide general insights into the company’s security posture without immediate risk.

If specific risk levels are not detailed in the README, they have been inferred based on the scanner’s purpose and potential impact.

Example Findings:

  1. “The company claims to follow a robust security policy but lacks explicit details about its implementation in internal documents.”
  2. “Publicly available information indicates SOC 2 compliance, yet internal records do not reflect this certification.”