GUS EVANGELAKOS is the Director of North American Field Engineering at XM Cyber. He has extensive experience in cyber security, having managed implementations and customer success for many major global brands such as Varonis, Bromium and Comodo. Gus has also spent a decade working on the client side, supporting IT infrastructure and cybersecurity projects. He has a strong background in micro virtualization, machine learning, deep learning (AI), sandboxing, containment, HIPS, AV, behavioral analysis, IOCs, and threat intelligence.
Truly effective organizational security begins with anticipation and ends with continuous testing.
To defeat hackers, it’s imperative to assume their perspective in order to anticipate their next move. When you understand an attacker’s perspective on your network, you can anticipate the most likely methods of attack.
Then, because cyber criminals can defeat any defense given enough time, it’s essential to continuously test an organization’s defenses — ideally with a real-time, multi-technique attack targeting the most critical assets. In other words, a breach and attack simulation.
HOW BREACH AND ATTACK SIMULATIONS WORK
A breach and attack simulation allows organizations to test the viability of their defenses against the attacks that are most likely to be launched by hackers. After identifying the most critical assets, these simulations allow live environment attacks to be safely launched and run on a 24/7 basis. When security issues are identified, they are ranked and recommended for remediation, allowing at-risk environments to be immediately secured.
Now that we’ve covered the basics, let’s take a closer look at the attributes commonly seen in breach and attack systems.
THE SEVEN KEY FEATURES OF AN EFFECTIVE BREACH AND ATTACK SIMULATION
Breach and attack simulations share seven features that help make this approach one of the most effective for the protection of critical assets.
Fully automated APT simulation: Manual advanced persistent threat testing is simply ineffective in most rapidly evolving contexts. The dynamism of most networks makes a manual approach fundamentally flawed.
Prioritized remediation of security gaps: This feature provides instant feedback on which security issues are most pressing and enables immediate fixes.
Real-time visualization: A breach and attack simulation offers users the ability to see attacks as they occur and chart their path through a network.
Flexible architecture: Whether you’re running on premises or in the cloud, an advanced breach and attack system can accommodate your needs.
Effectively quarantined attacks: Guaranteeing the safety of your production network is an absolute priority, and a breach and attack simulation runs safely with no impact in this regard.
Simple to implement and execute: By focusing on simplicity, the right simulation and remediation product will make testing more efficient while minimizing the risks associated with human error.
Greater realism than standalone security control validation: Rather than simply testing controls, this approach allows you to gain true visibility into all attack paths and lateral movement. The importance of this feature was underlined when one of the world’s largest financial institutions suffered a severe breach while relying on security control validation products. The hacker assumed the identity of an employee to move undetected across security controls, ultimately taking advantage of poor IT hygiene and (all-too-frequent) human judgment errors.
OTHER BENEFITS OF BREACH AND ATTACK
APT simulation and remediation is designed to work within dynamic environments, transcending one of the key limitations of manual tests. This approach also helps organizations optimize their security investments while minimizing the risk and impact of a breach.
This approach can also confirm what-if analysis based on the location of a breach and the digital assets that were targeted. It also uses actual user behavior to identify real attack vectors. Meanwhile, overall IT hygiene is improved by reducing misconfigurations and the possibility of human error — the kind of devastating lapse seen in the example of the bank outlined above.
By reducing their security teams’ reliance on manual testing, organizations can also optimize and automate their approach, freeing up resources that can be deployed in other critical contexts.
Finally, a breach and attack simulation protects the most sensitive information by prioritizing items for remediation. Organizations can also use this simulation to stay one step ahead of hackers by incorporating the latest attack techniques into their overall defense strategy.
THE BOTTOM LINE
Breach and attack simulations are some of the most innovative and exciting new tools available to security professionals. They help anticipate likely means of attack while offering the robust protection afforded by
For any organization seeking to protect critical assets in a dynamic environment, this approach warrants serious consideration.