Hi. Welcome to Ingram Micro.

Please choose your role, so we can direct you to what you’re looking for.

If you’d like to learn more about Ingram Micro global initiatives and operations, visit ingrammicro.com.

The value of security assessments

Why partnering with Ingram Micro is a smart way to build a security practice

May 08, 2020

The value of security assessments
Let’s face it. Being a reseller today involves a lot more than just selling a product. To be truly successful in a highly competitive arena like IT you have to wear many hats—consultant, specialist, strategic advisor and business partner.

There’s another role that’s become increasingly important today, that of security expert. With cyberthreats growing in number and sophistication all the time—and security breaches becoming more costly—businesses of all sizes need to take security seriously. And chances are your customers will be looking to you for guidance.

Security assessments are an excellent place to start—they help provide a clear picture of an organization’s vulnerabilities and how to address them. Conducting them early in the planning process helps position you as a “trusted advisor” to your customers.

Partnering with Ingram Micro can help ensure you have the resources and expertise to do assessments right. You get:
  • Unbiased, third-party assistance, driven by analytics, designed to achieve the best possible outcome for your customers
  • Increased margins through an expanded services portfolio
  • Fixed price services with predictable costs
A variety of assessments have you covered
Ingram Micro offers several different assessments to evaluate different aspects of a customer’s infrastructure:
  • Penetration testing—This is used to evaluate the effectiveness of an existing security network in multiple environments, including both on-premise and cloud-based IPs. Technical architects from Ingram Micro Expert Services use a combination of manual and automated testing techniques to evaluate the external security perimeter and provide recommendations for strengthening the security infrastructure to reduce the possibility of an external hacker compromising a customer’s information unknowingly. Penetration testing assesses a customer’s security controls by simulating an attack a hacker might undertake to exploit the weaknesses in its network and applications—both external and internal. 

    Penetration testing can also be used to help your customers meet requirements for PCI, SOX, HIPAA, and 23 NYCRR 500 (cybersecurity requirements for financial services companies published by New York State) for maximum security compliance.
  • Vulnerability assessments—The scope of the vulnerability assessment includes all IT assets that are connected to an organization’s network and provides valuable insights into an organization’s current state of security as well as the effectiveness of its countermeasures.
    • External vulnerability assessment: Conducted remotely, this test is used to identify and classify the weaknesses of the internet-facing IT assets of an organization such as web applications, web servers, network endpoints, VPN and email servers. The findings help determine what external IT assets need security controls, patches and general hardening.

    • Internal vulnerability assessment: Performed from within the premises of the target organization, this test is designed to identify and classify threats and weaknesses in the internal network. It helps determine an organization’s compliance to global or local policies, standards and procedures in terms of information security, data protection and segmentation of networks.
  • Cyber risk scorecards—Cyber risk scorecards offer actionable and easy-to-understand intelligence, using publicly sourced information, to help businesses understand their risk profile and those of third-party suppliers and vendors. Any business with an active URL can be assessed. Two versions are offered—a rapid cyber risk scorecard (covering 150+ security checklist items) and a comprehensive one (covering 500+ items), depending on the level of detail a business is looking for. The scores are given in letter grades, so they’re easy to understand, and risks are aligned with well-known and accepted frameworks like NIST, FISMA cybersecurity framework area/maturity level, FIPS-200 area and GDPR.
Third-party assessment tools
Interested in do-it-yourself tools? Solutions like Normshield provide a good starting point. Using a standards-based approach (NIST, FAIR and MITRE), it scans 20 control points and provides risk assessment results and remediation recommendations in minutes. Normshield also issues a Fair Market report, which monetizes a company’s risk in potential dollars lost.
 
For a deeper risk assessment, vendors like Cymulate offer tools that allow you to run a simple attack simulation to find security gaps and get actionable insights into how to remediate.
 
When you’re ready to go even further, reach out to Ingram Micro for the assessment services outlined above. In these days of heightened security risks, the more you know about vulnerabilities, the better.
Want to learn more about assessments and how Ingram Micro can help you build a security practice? Contact us at DXSolutions@ingrammicro.com.