By Gus Evangelakos, Director Field Engineering, XM Cyber
The challenge of maintaining robust organizational security has never been tougher. Just consider this:
- An estimated 350,000 distinct versions of malware are identified daily. A new malware program is released every seven seconds — a number that keeps increasing every year.
- The average cost of a data breach is now nearly $4 million, according to research from IBM and the Ponemon Institute.
- Only 38% of global organizations report that they are prepared to handle a sophisticated cyberattack.
Threat growth, breach expense and corporate preparedness are longstanding issues within cybersecurity. Yet today’s defenders must also deal with additional factors that compound the difficulty of the task they face.
First, while growth in cloud computing has helped organizations with scalability, flexibility and cost, it has also introduced new risk factors. As organizations race to migrate, security often becomes a secondary concern. Managing risk in a hybrid environment can be a challenging mandate to meet, given the complexity involved.
Second, the COVID-19 pandemic has, almost instantly, made remote work the default option for vast groups of workers. This has greatly expanded the attack surface and created thorny new shadow IT challenges for defenders to navigate. Additionally, organizations that deployed regular penetration testing, or red team exercises, to assess risk face new disruptions. Building access needed for on-site testing has been severely curtailed in many places by COVID-19.
Given these circumstances, it’s no understatement to say that the security environment has never been more challenging. So how can organizations rise to this challenge in a time when some of their most tried-and-true methods (pen tests/red teaming) are no longer fully deployable?
A breach and attack simulation (BAS) platform is one possibility. These cutting-edge solutions provide continuous and automated testing that is deployable at a distance.
Choosing the best option among all breach and attack simulation tools, however, is key.
Why BAS Platforms Are the Right Tool for This Moment
Breach and attack simulation platforms provide organizations with a unique tool to use in their battle against today’s most sophisticated threats. These cyber-attack simulation solutions work by launching non-stop attacks against organizational security environments, simulating the techniques and attack paths most likely to be used in an attempted breach.
By running these cyber-attack simulations in a controlled environment, an advanced BAS platform can identify vulnerabilities and gaps and then provide prioritized recommendations to help quickly close them. In this sense, a BAS platform works much like a purple team, allowing for comprehensive vulnerability assessment and remediation. Yet unlike a purple team, a BAS platform is automated and can be deployed remotely, making it especially well-suited to today’s challenges.
This automation is the key to maintaining continuous risk assessment and threat mitigation — the gold standard for today’s cybersecurity solutions.
How to Evaluate a BAS Platform
While BAS platforms stand apart in their ability to provide automated, continuous protection, not all BAS solutions are equal in terms of features and purpose. The best way to evaluate these offerings is a feature checklist.
With that in mind, let’s take a closer look at the core features organizations should look for when choosing a BAS platform.
- The right BAS platform can simulate attacks in the cloud, identifying misconfigurations and other security gaps, while also allowing organizations to determine if critical assets are truly secure in all environments.
- The ability to identify gaps in detection and prevention in hybrid environments is another key feature. As more data migrates to the cloud, it’s imperative that organizations assess their risk posture and understand how new hybrid environments can be attacked from on-premises devices linked to cloud data. Assessing cloud and on-premises risks separately leads to reduced visibility and expanded threat exposure: you simply don’t know how each side affects the other.
- An advanced BAS platform can safely simulate Advanced Persistent Threats (APTs) against an organization’s “crown jewel” assets. Networks and devices create many pathways for APTs, and identifying them is important.
- The right platform can also identify a wide range of attack vectors hackers can exploit, while running safely in a production environment. Testing security controls on an endpoint solution might tell you if you can stop a credential dump but will not tell you which accounts can be harvested, from which devices and the impact those accounts will have.
- Organizations should also look for a BAS solution that offers prioritized remediation of security gaps and validation of security controls.
By identifying these core features and using them as a yardstick when evaluating BAS platforms, organizations can make the most informed possible decision — and gain access to robust risk assessment and protection.
Explosive growth in malware, sophisticated APT attacks, the complexity of cloud and hybrid environments, onsite testing restrictions — today’s threat landscape is enough to keep organizational security teams awake at night. To stay ahead of these challenges, defenders need the power of continuous, automated risk assessment and protection in all security environments. In other words, they need the power of cyber security simulation.
BAS platforms are the best tool defenders have at their disposal to achieve this goal. By carefully evaluating the relative strengths and weaknesses of solutions in the breach and attack simulation market, organizations can make the right choice — and defeat attackers by mimicking their own mindsets and techniques.
About the Author
Gus Evangelakos is the Director of North American Field Engineering at XM Cyber. He has extensive experience in cyber security, having managed implementations and customer success for many major global brands such as Varonis, Bromium and Comodo. Gus has also spent a decade working on the client side, supporting IT infrastructure and cybersecurity projects. He has a strong background in micro virtualization, machine learning, deep learning (AI), sandboxing, containment, HIPS, AV, behavioral analysis, IOCs, and threat intelligence. Gus can be reached at his LinkedIn and at https://xmcyber.com/