The purpose of Breach & Attack simulation
We all know that a penetration test is important and necessary: it tells us what our current security tools are missing.
- Is everything patched for bug X?
- Are there policies in the firewall that we forgot about and that can be abused?
- Is lateral movement possible in my network, or is my segmentation on par?
However, as valuable as penetration testing is, it lacks one thing, because the resources and manpower are not there: continuity.
A yearly penetration test is a reflection of that moment in time; it is a snapshot. It gives a very good answer to the question "are we likely to get breached?", but only for the window during which the test ran. If, for example, a human error is made in a firewall policy the day after the test, you are vulnerable while still feeling secure. Since the error was not present during the penetration test, it is unlikely to be spotted, and therefore fixed, in a timely manner.
What if we could move towards continuous testing of our security tools, our strategy and their implementation?
We could set up a permanent team that runs these penetration tests continuously, but we all know that the manpower is simply not there. So we should look for a tool that can perform these tasks. The technology vertical is called breach and attack simulation (BAS), and here is why you should look into it.
The first reason is obvious from the lines above, but still worth stating: the shortage of IT manpower and of knowledgeable people. A tool that runs a given simulation or test against our environment every month, every day or every hour, and delivers a detailed report on what went wrong, or confirms that everything still behaves as expected, is a huge benefit for any organization.
The second reason is verifying the baseline at all times. We all know that a clean standard deployment without too many one-offs is key to securing our environment. Every one-off adds complexity, and with complexity come security gaps. Every device starts out with the "golden image" installation, and usually it does not take long before exceptions are requested. These exceptions can introduce new, device-specific security issues. Testing only the golden image against new threats is therefore no longer enough: we need to check every device for security gaps, because no two devices are exactly the same. Checking every device manually is impossible in any organization, large or small, so we need a machine to perform this repetitive task on a daily basis. A breach and attack simulation solution can verify whether the security posture of your devices is still on par, so you can be sure that the changes that were made do not erode the security posture your organization demands.
Another good example is the storm the Log4j vulnerability (Log4Shell, CVE-2021-44228) created in the market. Every IT professional got the same question from management: "Are we vulnerable, and if so, what is vulnerable?" Most of us had no idea and had to wait for suppliers to test their products and release a statement. Since that was slow and uncertain, most of us hoped for the best during the first few days. But what if you had a tool that released a test plan simulating the attack against your own equipment? Download the new test, run it, and the report tells you where the attack succeeded, where it was stopped, and by what. Within hours of the test being released you would know which systems were exposed and needed patching first, and where an existing control already blocked the attack path. Note the distinction: a blocked simulation shows that a control stops that particular path, which buys time to patch, but it does not mean the vulnerable component is absent. Still, you did not have to rely on the supplier for the information; you tested and verified it yourself, rather than taking a third party at their word.
The last reason is less interesting for the techies out there, but it certainly comes in handy if you manage the budget for your team. How do you know what to invest in next? Should you spend money on another tool at all, or could you reconfigure an existing tool instead of buying a new one? Now imagine a tool that tells you which equipment stopped a simulated malware run or whether the malware got through, and gives you context on what could have prevented the breach: the next tool in your portfolio, a new setup, or just a small configuration change.
This information also helps when requesting budget from management. "Do we really need this tool?" is a standard question in every budget discussion, as is "what return do we get for this money?" Breach & attack simulation tools provide detailed reports on the efficiency and effectiveness of your current cybersecurity posture, so you can objectively argue why a new investment belongs in the budget. You can show that malware X currently roams freely and that tool Y stops it, based not on gut feeling but on real simulations that ran inside your own environment.
If you want to know more about breach and attack simulation and how Jarviss can help you with this new technology feel free to reach out.
Author: Yves Weyns