So some of you may have seen, just the other day I did a video on, you know, MSPs and ransomware. Kyle from Huntress Labs did a video on this. This is obviously a really hot topic here in September of 2019, and in that video I suggested ways to help mitigate the risk, and security is all about mitigating the risk. So I have an expert with me, because one of those questions comes up: well, how do you mitigate the risk, Tom? Well, it's called a vulnerability assessment. Yes, and/or risk assessment. And risk assessment, yeah, however you want to phrase it exactly. He can help you with those, most of those things. Yeah, I know a lot of stuff. I know how to set up a lot of things. That doesn't mean I should be so overly confident to make the assumption that everything I set up doesn't need a second set of eyes, that everything in my office, everything in my stack, shouldn't be audited, because the bad guys will audit you for sure. You do not want their findings, because that's how all these attacks happen. That is how all of these attacks happen. So what happens is, for a vulnerability assessment, it's very much so different than a penetration test. I would say that vulnerability assessments are kind of a precursor to a penetration test. So what you would do with the vulnerability assessment is external and internal, and you would see: okay, what is my external posture? How many ports do I have open to the world? What are my external services? Are they patched? What do they look like? You know, is there any way that an attacker could come in to my perimeter? Then you have an internal scan: what does it look like if someone, you know,
you know, compromised my host already and was using it to do other bad things? What other vulnerabilities could they leverage on my system to be able to escalate privileges or, you know, do further damage? And this is really important, to constantly be assessing this, to constantly be looking at your network stack, and actually make it happen. This is imperative right now if you care about security and you don't want to lose everything that you've built. You know, you hear these horror stories, and I feel terrible for these MSPs that got hacked. I know they didn't want to. You know, there's always that tongue-in-cheek "ha ha, oh yeah, they didn't have 2FA or not," but the reality is some of them genuinely tried and had a really minor slip-up. They had one little thing, and that's the challenge with security: you have to be right all the time. The bad guys are just waiting for you to be wrong one time. Red teamers only have to be right once; that's why I love red team. Yeah, red teamers pretty much always win. It's really hard to beat the red team, and it's even harder to beat the bad guys sometimes, because they're just poking away at it, and if you're the low-hanging fruit, you're the one that's going to get picked. So I'm just sending this as a warning. If you're wondering about resources to do it, I'll leave a link how to get in contact with Xavier, how you can start the process to get assessed. It's not free, but it's also not, you know, unreasonably priced.
It's affordable. We're in a company called Enterprise Offensive Security, and we are dedicated to helping you find all of your exposures. Yeah, and we're very open about the process we're going to use and everything else, and I have more information on his website on there, plus you can follow him on his channel. You know, we talk about, I have a lot of information on my channel here, I'll leave a link. Also, Xavier has a YouTube channel he started where he's starting to show some of the way he does some of the testing. We'll also link to a video me and Xavier did before about how we do, like, this application testing. We're very public about how all this is being done. But the most important thing is, you know, at least do your own assessment internally. If you think it's something you're ready to have someone extra look at, or you have a larger MSP base, don't let one little oversight, one little mistake, destroy everything you built. This is not trying to play on fears; it's playing on the reality. Every day you see another MSP hacked, and it's almost always just some minor oversight. Have a second set of eyes. I know I do. And I would say this, right: if you are mature enough in your vulnerability assessment program, and you feel like you have coverage, right, and you have a team that's dedicated to that, get an external pen test, because now you've actually qualified and checked the box of, hey, have you done anything to take a posture in your maturity on security? And so then we would come in with a penetration test and kick you even harder and see exactly: hey, can we come up with novel ways to break your software? Is this your product? Can we come up with ways to abuse your product? Is this your process? Let me come up with ways to abuse your process. So that's when the more advanced things come into place. But I would say a vulnerability assessment is the place to start.
Yeah, it's about getting started on it. It's about not becoming another statistic, and that's really why I wanted to make this video. I want to make sure people have a resource, have, you know, that there are things out there. I've also mentioned there's, you know, following the NIST programs running out. There's plenty of free stuff. There's plenty of stuff you can find online. But make sure you start doing it, and when you're ready, you know, contact us. I'll leave links below and where you can get a hold of Xavier and offensive security, and of course watch our YouTube channels. We try to put out a ton of information out here, both of us do, on cyber security and everything to help keep you safe, and see you guys later. Thanks. Peace.

And thank you for making it to the end of the video. If you liked this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button and hit the bell icon if you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to lawrencesystems.com, fill out our contact page, and let us know what we can help you with and what projects you'd like us to work together on. If you want to carry on the discussion, head over to forums.lawrencesystems.com, where we can carry on the discussion about this video, other videos, or other tech topics in general. Even suggestions for new videos, they're accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page. We have a lot of great tech offers for you. And once again, thanks for watching and see you next time.