Much has changed since the time when organizations only knew of antiviruses and simple firewalls as the tools, they need to protect their computers. To address newer challenges, security providers have developed new technologies and strategies to combat evolving threats.
Stephanie Benoit-Kurtz, Lead Area Faculty Chair for the University of Phoenix’s Cybersecurity Programs, offers a good summary of the changes security organizations should anticipate, especially in the time of the pandemic. “The threat landscape over the past 18 months has significantly changed in complexity and frequency of attacks. Long gone are the days when a lone wolf attacker was manually knocking at the door.”
To get acquainted with the ways security firms are handling the new breed of threats in cyberspace, here’s a rundown of the notable strategies the leading cybersecurity platforms and security firms are offering.
One of the headline features of modern cybersecurity platforms is breach and attack simulation or BAS. Designed to test the efficacy of existing security controls and improve them, BAS spots vulnerabilities in security environments by mimicking the possible attack paths and methods that will be employed by hackers and other bad actors. Gartner says that “breach and attack simulation tools help make security postures more consistent and automated.”
BAS is one of the top features in security posture management platforms for enterprises. It is not only able to check whether or not security controls are working the way they should; it also maximizes the ROI on these controls. Many organizations may not pay that much attention to this, but they are getting the return on their cybersecurity investment every time they elude disruptions and other forms of damage from cyber-attacks. BAS is easily one of the highly effective new ways of examining and improving cybersecurity efficacy.
Breach and attack simulation is designed to catch the most recent attack techniques employed by advanced persistent threats. Together with the MITRE ATT&CK framework, it achieves what some security firms describe as “threat-informed defense” by taking advantage of the latest threat intelligence and the knowledge of the tactics and techniques cybercriminals use. It effectively simulates the way malicious software and cyber-attacks impact endpoints, commit data exfiltration, and move around a network laterally.
Red teaming is the strategy of using a group of ethical hackers to simulate a cyberattack on an organization. It is a form of security testing that relies on white hats or security professionals who will attempt to break through cyber defenses in whatever way they can think of.
Red teaming is a labor-intensive endeavor. To adequately cover all of the security controls and related aspects of an organization in a timely manner, several team members will have to work together. The problem is that this kind of approach is no longer compatible with the current cyber threat landscape, given how aggressive, frequent, and sophisticated the attacks are nowadays.
To keep up with the rapidly evolving threats, organizations need a continuous approach in security testing. Security vulnerabilities can emerge anytime, and defects in the protective measures put up by an organization will not wait for when the next red team evaluation would take place. There should be no gap in the integrity of an organization’s cybersecurity to ably deal with new attacks.
For these, the elements of continuity and automation are necessary, continuous automated red teaming or CART is an appropriate solution. Serial cybersecurity entrepreneur Bikash Barai, who has spoken at the RSA Conference and TEDx, calls CART the future of security testing.
While BAS tools usually require both hardware or software agents within an organization to simulate the way real cyber-attacks work to penetrate an internal system, CART takes on a different approach. It does not supplant BAS, but something that complements it. “CART on the other hand works using an outside-in approach and conducts real attacks without the need for any hardware, software, or integration,” Barai explains.
CART has a pronounced edge over traditional red teaming because of its consciousness. Because it is automated, it can replace people and reduce the cost of conducting red teaming while making sure that the security testing is not only periodic. Continuous automated red teaming is even designed to discover risks and attack surfaces on its own, not necessitating any human-initiated launching and inputs to undertake multi-stage attack simulations that evaluate networks, apps, policies, and even human behavior.
Another notable new approach used by leading cybersecurity platforms is advanced purple teaming. For those who have some background with red (attack) and blue (defense) teaming, the first thing that comes to mind upon hearing about this strategy is that it is a combination of the red and blue teams.
This preconception is not completely wrong, but it is also not exactly right. Yes, it combines the elements of the attack and defense cybersecurity teams, but it does not result in the creation of a new team with red and blue members. Rather, it is the adoption of a new mindset in conducting security evaluations.
Instead of keeping the two teams totally separate and independent, purple teaming enables some degree of collaboration to enhance each other’s abilities in achieving their respective goals. The blue team gets to see things in the perspective of the attack simulators for them to develop threat-aware defenses that anticipate lateral attacks and tweaks they would otherwise miss if they only focus on their defensive mentality. Similarly, the red team benefits from the collaboration by obtaining insights on how the blue team would likely plug vulnerabilities and respond to new attack tactics.
Purple teaming removes the problem of siloing that holds back the optimization of cyber defenses. It maximizes the scale of adversarial expertise, which leads to the crafting of new ways to scrutinize and bolster security controls that suit the unique cybersecurity environment of an organization.
As veteran international management expert who specializes in cybersecurity strategies and communication Tanya Candia explains, “Purple teaming is a proven way to provide stronger, deeper assurance — with more certainty — that the agency is being protected.” Through this approach in security testing, cybersecurity teams with opposing perspectives operate under unified overall goals. “The functions of both red and blue teams are taken on simultaneously, with members working together to enhance information sharing,” Candia adds.
Advanced purple teaming is a significantly improved way of undertaking purple teaming that employs automation. It is designed to make it possible to simulate attack scenarios that are automatically correlated to security control finding in examining breach detection functions as well as the capabilities of an organization to respond to security incidents promptly and effectively.
Many of the world’s top cybersecurity platforms and security solution providers have already embraced breach and attack simulation, continuous automated red teaming, and advanced purple teaming. These strategies in securing organizations may be relatively new, but cybersecurity professionals can vouch for their effectiveness in view of the new kinds of problems presented by cunning malicious actors in cyberspace.
They are not perfect silver bullet solutions that guarantee foolproof protection against attacks. However, they represent the advancement the cybersecurity industry has to offer to better handle the evolution of threats in the digital online world.