IANS Boston 2023 – How to Transform your Security Program by Adopting an Attacker’s View

With cyberattacks growing in frequency and impact, organizations can no longer rely solely on reactive security measures. To truly minimize risk, security teams need to continuously evaluate their defenses from an attacker’s perspective.  

At the upcoming IANS Boston 2023 event on October 18th, Mike DeNapoli, cybersecurity architect and director at Cymulate, will hold two sessions to demonstrate how to integrate the attacker mindset.

Session: Thinking Like an Attacker: A Different View of Cybersecurity 

When: Wednesday, October 18 at 9:55 a.m., 1:05 p.m. and 3:30 p.m. 

Attendees of the “Think Like an Attacker: A Different View of Cybersecurity” will:   

  • Discuss how thinking like an attacker provides unique insight into defenses  
  • Analyze the importance of prioritizing threats based on their risk to the business  
  • Examine ways blue teams can leverage offense viewpoints to let defenses thrive  

Evolving Security Operations into Exposure Management 

When: Wednesday, October 18 at 3:05 p.m. 

Attendees of the “Evolving Security Operations into Exposure Management” will: 

  • Identify reasons why the SecOps team struggles to get the business off board with cybersecurity changes  
  • Discover how exposure management engages business stakeholders in cybersecurity operations  
  • Learn how to improve communication and roadblocks impacting organizations’ resiliency  

 The sessions will expand on how techniques like attack surface management (ASM), breach and attack simulation (BAS), automated red teaming, and exposure analytics assist organizations in identifying and mitigating critical exposures. 

For those unfamiliar with these emerging technologies, below is a brief overview of each of these techniques: 

ASM Pinpoints Exploitable Vulnerabilities 

Through simulating attackers’ reconnaissance phase, ASM is the ongoing process of discovering points within systems that could be used to attack the organization (servers, applications, services, cloud components, workstations, etc.) and defining and implementing remediation strategies to address gaps. Advanced ASM tools include: 

  • External ASM that scans your public attack surface looking for security gaps 
  • Internal ASM assessments that find system exposure and risk that could lead to lateral movement escalation in case of breach. 

In short, ASM catches configuration issues, unpatched software flaws, risky permissions, and more. 

BAS Validates Controls 

Through launching attack simulations, BAS takes the next step by validating whether existing controls can withstand real-world attacks.  

BAS capabilities include: 

  • Production-safe attack simulations. Operationalize threat intelligence adhering to the MITRE ATT&CK and the NIST frameworks with ready-to-use attack simulations. Automated, scheduled attack scenarios with a customization wizard for environment-specific refinements. 
  • Dynamic dashboards and automatically generated reports. Security assessment findings are listed in an automatically generated report with actionable remediation guidance. Custom reports and dashboards can be created from ready-made executive and technical report templates. 
  • Granular findings Analysis and remediation guidance. Cross-analysis from multiple validation sources is displayed on a single pane of glass with customizable views and filters.
    Each finding individual report includes actionable remediation guidance, with off-the-shelf Sigma rules, lists of IoCs, and more. 

By proactively testing security controls, teams can address gaps and improve incident response plans for when true attacks strike. 

Automated Red Teaming Continuously Tests Defenses  

Automated red teaming provides adversarial simulations for ongoing validation of security defenses. 

  • Full Kill-chain campaigns. Validate security controls and response against real-world cyber
    attacks to stress test defenses and identify gaps. 
  • Network pen testing. Simulate an attacker that has gained an initial foothold and moves
    laterally in search of any additional assets that can be compromised.​ 
  • Phishing awareness. Create and run internal phishing campaigns to measure employee
    resilience against phishing attacks. 

By relentlessly launching outside-in simulated attacks, CART helps defenders view security through an attacker lens and uncover exposure to risks that require urgent remediation. 

Exposure Analytics Prioritizes by Business Risk 

Exposure Analytics correlate and analyze data from a variety of data sources for better remediation and reporting. Exposure analytics should have capabilities such as: 

  • Correlation to correlate exposure potential with business context.  
  • Reporting to generate reports on issues to be addressed, in context, by risk and area of responsibility. 
  • Prioritization to create prioritized remediation plans based on contextual risks and business impact. 
  • Benchmarking to establish baseline risks and security posture with continuous assessment and improvement tracking. 
  • Quantification to build risk metrics and performance tracking for CTEM program scoping and mobilization. 

Exposure analytics creates risk-ranked inventories, measures resilience levels, accelerates response, and gives executives data-driven insights into security priorities. 

Adopt an Attacker View to Reduce Risk  

Gaining an attacker perspective is invaluable for implementing a proactive security program centered on avoiding breaches, not just detecting them. 

Learn how the above types of attack simulations and exposure analytics can transform your security practice and what it takes to implement adversarial thinking and exposure management across your systems, users, applications, clouds, and networks. 

Register now for IANS Boston 2023 and be sure to attend this session for actionable guidance on adopting an attacker viewpoint. 
See you at the IANS Boston Convention and Exhibition Center, 415 Summer St, Boston, MA 0221  this Wednesday, October 18.