Partner Insight: Automation is the first step to sophisticated security

Steve Smith, AVP at Pentera, says the slump in the global economy is another driving factor, as is the simple lack of manpower. With the number of threats increasing at an all-time high every year and IT managers being challenged on multiple fronts, it’s no surprise that many have decided to turn to automation to meet the security challenge.

We spoke to Steve about the state of the security market and why understanding the attacker’s perspective is so important when designing defenses.

Computing: What is behind the growing demand for automated security solutions?

Steve Smith: The main driving force is currently the downturn in the economy and the lack of manpower.

In the current economic downturn, businesses need to figure out how to do more with less and become more efficient. Add to that the general scalability challenges that arise as our networks grow faster than ever before, and you understand the mass movement towards automation.

With every new device, tool, and service, the attack surface increases in tandem, to the point that it’s nearly impossible for IT security teams to maintain a strong, continuous security posture. To illustrate the escalation of attack surface growth, you need look no further than the proliferation of CVEs. According to the National Institute of Standards and Technology, 20,158 new vulnerabilities were discovered in 2021 alone, marking the fifth consecutive year for record vulnerability disclosures. Locating and patching all critical instances for every single vulnerability on your network is hard enough, but scaling that work across 20,000+ vulnerabilities is nearly impossible. The situation becomes even more untenable when you consider that this volume of vulnerabilities is only from the past year and that managing vulnerabilities is only one aspect of the responsibilities of security teams.

To keep up with today’s pace of work, IT teams must be extremely judicious with their time and cannot manually identify every problem on their vast networks. The good news is that automated security solutions today offer new levels of efficiency in terms of quickly detecting security vulnerabilities and prioritizing them according to their potential impact. The next generation of these solutions moves away from prioritizing vulnerability severity simply based on Common Vulnerability Scoring System (CVSS) scores by displaying more attack chain context, root cause, and business risk language.

CTM: Can automated security help protect against major threats like ransomware?

SS: The short answer is yes.

Ransomware attacks have rapidly increased in frequency and severity, with a single attack potentially causing millions of dollars in damage. The ransomware attack strategy relies on accessing and encrypting critical data within the network that a business would be willing to pay to recover. Once the adversaries have successfully kicked you out of the system, there really is no recourse unless you have a backup and can recover. Therefore, the most important key to stopping a ransomware attack is to completely deny hackers access and remote code execution (RCE) capabilities.

To stop ransomware, the entire security stack must work as a single stack: tested as a single stack against an automated ransomware attack and tuned for millisecond response. Security validation is one of those places that helps the automated defenses needed to fight the automated attacks that hackers are now using.

CTM: What immediate and long-term benefits can IT teams see after adopting automated security?

SS: The main benefit companies see immediately is increased visibility to find the most critical gaps and reduced reaction time for remediation. The speed and scale that automated solutions are able to seek, compared to human counterparts, allows security teams to identify their most critical gaps in a fraction of the time.

In the long term, automated security allows companies to be much more proactive in improving their cyber resilience and reducing their exposure. With automated security solutions that handle traditionally time-consuming tasks, like monitoring and generating relevant alerts on security vulnerabilities, the security team can be much more proactive and focus on issues that really need human attention.

CTM: How can an organization be sure that its security software protects its entire internal and external attack surface?

SS: The best way to make sure everything works as it should is to test it.

In the financial world, companies perform audits to ensure sufficient and accurate financial reporting and management, and in the cybersecurity world, we have pentests. Approaching your organization from the hacker’s perspective, pentests test your existing security controls to determine where they are effective and highlight what needs to be fixed in terms of vulnerability, misconfiguration, or exploitability. This provides cybersecurity companies with a clear understanding of their current security posture as well as an actionable roadmap to address their issues.

CTM: One of Pentera’s USPs is to arm customers with “the attacker’s perspective”. Why is this important?

SS: Businesses today use a variety of security tools to protect their networks and assets. However, despite all the solutions, the rate of violations continues to rise.

The problem isn’t necessarily that organizations don’t have the right security tools on board, it’s often that security controls don’t deliver what they promise or are misconfigured. How do you know your firewall or XDR is actually working as advertised? The simple answer is that you test them.

The importance of understanding how an adversary can exploit your network is beginning to permeate the security world. Last September, CISA (the US Cybersecurity and Infrastructure Security Agency) issued guidance recommending that organizations continuously validate their security against the latest MITRE ATT&CK techniques. To understand your true exposure, you need to understand all the techniques and tactics hackers can use to break into your network and test your existing security solutions against them. CISA recommends testing the network in production rather than simulating stress tests. This not only allows you to see what vulnerabilities or misconfigurations exist within your network, but also to understand how hackers can use them to breach you and what needs to be done to avoid this. Visibility of your true cyber risk and resulting remediation roadmap is exactly what Pentera provides.

Pentera’s automated security validation platform challenges the organization’s existing security from its external assets to the core of the enterprise. Emulating real-life hacker techniques and behavior, our platform validates your security across the entire cyber kill chain. Questioning the security of your network in production allows security practitioners to understand where their security is effective, where it is vulnerable, and which vulnerabilities are actually exploitable. Pentera provides an actionable roadmap for reducing exposure based on your current network and how real-world hackers can exploit it.

This post was sponsored by Pentera
