A Closer Look at Cyber Attack Simulation

Globally, the impact of a data breach on an organization averages $3.86 million, but some of the most serious “mega breaches” can cost hundreds of millions of dollars. U.S.-based breaches are the most expensive, costing on average $7.91M, reported Forbes magazine, citing the 2018 Cost of a Data Breach Study conducted by Ponemon Institute.
Cyber attacks are growing steadily in number, strength and variety, but in many cases the efforts to combat them are still moving at a crawl. Top-notch hackers can mimic legitimate user actions and slip under the radar of protective measures. They can move laterally from hole to hole and reach what matters most to you – your crown jewels.

What if you could see your organization through the eyes of the attacker? The good news is that there are tools that simulate cyber attacks and help you win this battle. Simulation is truly a game changer here. It runs exhaustive scenarios, which are safely activated simultaneously and continuously within the production environment, exposing attack vectors and compromised assets.

The result of cyber attack simulation is that you can check every possible route and type of attack vector – from the attacker’s perspective – to see where the organization is at risk and take actions to remediate. The best part is that some cyber attack simulation tools allow you to automate the action.

A Growing Trillion-Dollar Market

Cybercrime is a fast-growing industry with no signs of slowing down. Although WannaCry and NotPetya still stand out as the most spectacular and notorious cyber attacks of all time – NotPetya is also considered the costliest global cyberattack in history, with damage estimated at $10 billion, reported Wired, citing a White House assessment – you never know when the next big one will strike hard.

In 2018, the cybercrime economy was estimated to be worth $1.5 trillion, reported The Fintech Times, when major attacks hit even giants like Facebook, Amazon and Google. There is no doubt that 2019 will break the record. There was also a 350% increase in ransomware attacks, according to Newsweek.

However, it’s worth noting that, while many CISOs still consider zero-day threats one of their chief concerns, they are actually being employed much less frequently and most cyber attacks are surprisingly unsophisticated – so simple, in fact, that the National Security Agency (NSA) reports 93% of them could be prevented just by incorporating some basic best practices.

It turns out that hackers no longer need to put in the time-consuming effort necessary to construct elaborate new attacks, because they know they can sneak through companies’ defenses just by taking advantage of poor IT hygiene.

Penetration Testing and Red Team Assessment

A penetration test detects and exploits vulnerabilities throughout your network and infrastructure. During a pentest, specialists utilize real-world attack techniques to achieve a predefined objective on the target environment. Although the technique has been widely used for several decades, there are other ways for organizations to test their security.

A red team gives the organization the opportunity to test its security team against the techniques and approaches used during real breaches, see how the team reacts, and identify points of improvement. Therefore, red teams have been gradually introduced by several organizations.

Pentesting can overlap with red team exercises, and this may be a bit confusing to some people. It turns out that penetration testers and red teams are the same people, using different methods and techniques for different assessments. They are like judo and karate, or sumo and krav maga – one is not necessarily better than the other and organizations see value in both. When combined, they can present a company with a good point-in-time risk evaluation.

The Evolution to Breach and Attack Simulation (BAS)

Recently, a new category of solutions has emerged to help with this problem. Breach and Attack Simulation tools allow organizations to continually and consistently simulate the full attack cycle against their infrastructure, using software agents, virtual machines, and other means.

BAS automates the testing process and performs it continuously. While these tools may not have the same creativity and ingenuity as human white hats, they can test all the time across a broad spectrum of different kinds of attacks.

Breach and Attack Simulation products are becoming more mainstream and have begun transforming the security testing landscape. “The tools we looked at all used simulations to test network security in a risk-free environment. While this may limit what they are capable of simulating, these tools provide a lot of insight on security holes and can greatly decrease the manual effort required during testing,” wrote SC Magazine.

Purple Team: Simulate and Remediate

Many red and blue teams (the latter being the company’s own IT personnel, who defend their organization around the clock) have worked very much in silos. In some cases, they can get out of sync with each other. A purple team should enhance red and blue teams’ existing capabilities and allow them to exchange ideas, observations and insights more productively.

All three forces share the ultimate purpose of improving the organization’s defenses. Red does this through “ethical attack”, blue through defense, and purple by ensuring that the previous two are cooperating. Great! So what’s the evolution of purple teams?

Automation: Crowning Purple Teams

With an automated purple team running continuously, organizations will finally be able to follow prioritized remediation guidelines and know as soon as an issue has been resolved. The move to automation empowers organizations with the ability to gain a worm’s eye view into new back doors and blind spots as soon as they appear and move to remediate them immediately.

XM Cyber’s HaXM is the first fully automated Advanced Persistent Threat (APT) simulation and remediation platform to continuously expose attack vectors, from breach point to any organizational critical asset. This continuous loop of automated red teaming is completed by ongoing and prioritized actionable remediation of security gaps.

In effect, the solution operates as an automated purple team that fluidly combines red team and blue team processes to ensure that organizations are always one step ahead of the hacker. Addressing real user behavior, poor IT hygiene and security exploits, HaXM continuously leverages advanced offensive methods to expose the most critical blind spots.


