"The best way to protect an organization from an attacker is to think and act like one."
This notion of knowing your enemy is not new. It has been part and parcel of military strategies across the globe. However, as attacks are predicted to increase next year, the traditional defensive network line alone no longer suffices. In a world where the perimeter is fading fast and attackers continue to gain the upper hand, organizations can ill afford to ignore a proactive approach built on an attacker’s point of view.
The value of a proactive security strategy
Many organizations are already realizing the value of a proactive security strategy. The need to identify hidden threats and potential gaps across the network and remove them in advance, before an attack is even launched, is increasingly recognized.
To transition to proactive security, it is essential to continuously test the state of an organization’s existing defense in real-world conditions through breach and attack simulation.
Organizations’ security vulnerabilities are never fully exposed until an attack is launched, and then it is too late. On the other hand, if an organization’s security posture is continuously tested, many unknown vulnerabilities could be identified and addressed before attackers discover them.
The shift to ongoing security testing
Within a highly complex security ecosystem and an ever-changing IT environment, where the deployment of new systems and security solutions is becoming more time-consuming and costly, it makes sense to focus on automatic security testing.
Ongoing automatic testing not only enables organizations to confirm whether existing defense systems are always working, it also makes it possible to boost their security posture by highlighting the pathways of penetration an attacker would use to reach their critical assets.
The emergence of breach and attack simulation
For many organizations, cyber security management feels like a military exercise. Within this corporate war zone, new proactive techniques and processes are favored for countering threats. Just as the military sharpens soldiers’ skills with large combat testing drills, security-focused organizations are hitting back with cyber attack simulation, or as some would say, professional ethical hacking. Organizations are constantly being attacked by external and internal threat sources scouting for security weaknesses, inevitably leading to a system compromise or data breach.
According to Gartner’s 2017 report, Hype Cycle for Threat-Facing Technologies, breach and attack simulation makes it possible for organizations to measure security effectiveness. Breach and attack simulation aims to assess the effectiveness of an organization’s security posture by testing its exposure to cyber attacks and its ability to prevent them. Overall, breach and attack simulation technologies have emerged as a powerful platform in the arsenal of the organization’s security team.
More advantages of automated cyber attack simulation testing
1. Similar to a red team operation or penetration testing, a simulated cyber-attack highlights security gaps in an organization’s network and IT infrastructure
2. Whereas red teaming and penetration testing are commissioned to identify vulnerabilities in a specific timeframe, automated simulation testing continuously highlights critical exposures in a network, ensuring no time lapses in between testing
3. Cyber attack simulation can provide actionable and prioritized remediation to address any identified weaknesses
In conclusion, organizations must proactively take steps to protect themselves against the risk of attacks on critical assets, loss of data and theft of intellectual property, to name a few. Cyber simulation testing can provide the attack surface visibility needed to be proactive against threats and to control or even avoid cyber attacks before they reach the digital crown jewels. According to the Cybersecurity Ventures 2017 Cybercrime Report, "Cybercrime damages will cost the world $6 trillion annually by 2021."