Best Practice Assessment New Executive Summary


Best Practice Assessment Executive Summary

The Best Practice Assessment (BPA) Executive Summary is a brief overview of your network security posture and how well it aligns with your business needs. The summary report helps you prioritize remediation and formulate a plan to execute the needed steps. This is essential for the inception, growth and overall success of your company, and it gives you and your leadership team a vision for the future and a clear strategy. It contains a high-level best practice assessment summary that can be downloaded as a PDF from the HTML report so that it can be shared with the CIO, CISO, and other C-level executives. With this change the PDF file is no longer included in the BPA report zip folder. The process for generating a BPA report remains the same; once a report is generated, a new tab called “Executive Summary” appears at the top left of the HTML report.


The new version of the Executive Summary contains the following sections.


Best Practice Assessment Overview

The BPA overview consists of three major components as shown below.


  1. BPA System Rating: evaluates the device’s (NGFW, Panorama, or Prisma Access) security capabilities and feature adoption against best practices.
  2. CDSS Capabilities: the CDSS utilization score focuses on how efficiently a company uses its network security assets, measuring the extent to which it has adopted the services it has purchased.
  3. Vulnerability Protection: the vulnerability protection score measures the effectiveness of network security assets in responding to cyber attacks.


Find out more about the BPA overview here.


Capability Adoption

Capability adoption covers overall adoption across key capabilities and compares it against industry benchmarks. In the HTML version of the Executive Summary report you can view capability adoption data for the current report, along with coverage data for key compliance standards such as NIST and CIS Controls.


BPA Executive Summary Risk Assessment

As the complexity and frequency of threats increase, large and small businesses are more vulnerable than ever to cyber attacks, and the average cost of a data breach has reached an all-time high. Organizations must understand the risks they are exposed to in order to make informed decisions about new technology and policy implementation. Risk assessment is the process of identifying, analyzing, and evaluating cybersecurity risks. Nearly all organizations are at risk of a cyber attack; to understand how great that risk is and to manage it, an organization needs a cybersecurity risk assessment, which identifies the assets most vulnerable to the risks the organization might face.


(Note: The dollar amount shown under each attack type is static and refers to the average cost associated with recovering from that type of breach.)


The current version of the Executive Summary lists the three attack types below, along with an “About Breach Costs” link that opens a web page with the data behind the breach cost figures.

  • Business Email Compromise (BEC) attacks
  • DNS Attacks
  • Ransomware attacks

Business Email Compromise (BEC)

Business Email Compromise (BEC) is a category of threat activity involving sophisticated scams that target legitimate business email accounts through social engineering (e.g., phishing) or other computer intrusion activities. Once a business is compromised, cybercriminals leverage their access to initiate or redirect transfers of business funds for personal gain. Techniques vary: some threat groups gain access to targeted accounts through brute-force credential attacks, for example, but social engineering, including phishing, is often an easy and cost-effective way to gain covert access while maintaining a low risk of discovery. According to the IC3 report cited below, in many cases cybercriminals are simply asking their unwitting targets to hand over their credentials, and getting them. The U.S. Federal Bureau of Investigation calls BEC the “$43 billion scam,” referring to statistics for incidents reported to the Internet Crime Complaint Center from 2016-2021.

Cite: IC3 2022 report on Business Email Compromise, https://www.ic3.gov/Media/Y2022/PSA220504

Domain Name System (DNS) Attacks

As one of the core foundations of the internet, the Domain Name System (DNS) is fundamental technology for every organization. Many organizations have solutions in place to protect areas of their network such as web and email but do nothing to secure their DNS traffic, leading to an alarming rise in DNS-layer threats; proper use of a DNS security service strengthens DNS security. A DNS attack targets the DNS infrastructure and can be tailored to either recursive or authoritative servers. The two most common types of DNS attack are denial-of-service (DoS) and distributed denial-of-service (DDoS) attacks. In both cases, attackers flood internet servers with so many requests that they cannot answer them all, and the system crashes as a result. A simple DoS attack uses one computer and one internet connection to flood a remote server; such attacks are not very effective at overwhelming today’s high-capacity systems.

Cite: https://www.efficientip.com/resources/idc-dns-threat-report-2021/

Ransomware Attacks

Ransomware is a family of malware that attempts to encrypt files on end-user computers and then demands some form of e-payment to recover the encrypted files. Proper configuration of WildFire Advanced and Advanced URL Filtering can drastically help mitigate such attacks: URL Filtering limits access by comparing web traffic against a database to prevent employees from reaching harmful sites, and WildFire uses near real-time analysis to detect previously unseen, targeted malware and advanced persistent threats, keeping your organization protected. Ransomware is one of the most common threats in the modern threat landscape; there are many different variants, an infection can cost a lot of money to recover from, and the actors responsible are driven to generate as much revenue as possible by extorting their victims. Ransomware in particular has been a focus area for many in the cybersecurity industry because of its impact on targeted organizations and those who depend on them. Unfortunately, these attacks have been made even easier by the rise of ransomware-as-a-service (RaaS) offerings. RaaS is a business for criminals, by criminals, with agreements that set the terms for providing ransomware to affiliates, often in exchange for monthly fees or a percentage of ransoms paid. RaaS makes carrying out attacks that much easier, lowering the barrier to entry for would-be threat actors and expanding the reach of ransomware.

Find out more about the BPA Risk Assessment here.

Key Recommendations

The key recommendations are based on the failed best practice checks. The initial version of the new Executive Summary uses the classification types listed below, along with their descriptions.


Preventative

Preventative controls stop incidents before they occur: steps taken to keep unwanted or unauthorized activity from happening. The View tab lists all failed Best Practice Assessment (BPA) checks that the mapping definition places under the preventative capability summary.

Performance

Performance recommendations are intended to increase performance or identify what is causing performance degradation, helping to retain optimal performance. The View tab lists all failed BPA checks that the mapping definition places under the performance capability summary.

Detective

Detective controls identify an incident’s activity or help identify security violations after they have occurred. The View tab lists all failed BPA checks that the mapping definition places under the detective capability summary.


Contact BPA team at bpa@paloaltonetworks.com

Visit us at www.paloaltonetworks.com/
