As the Russia-Ukraine war rages, its images dominate the news. Those images show the might of military operations, but hidden behind these images, cyberwar puts everyone’s continued way of life at risk.
Today, cyberwar is a reality, with confirmed Russian attacks on US banks and Ukraine enlisting over 175,000 volunteers in its IT army.
Unlike regular military operations, cyberwar is not constrained by geography, and potential targets can be anywhere, though attacks are likely to focus on critical infrastructures such as utilities, financial systems, healthcare providers, mobile operators, and the like.
As cyber-attackers are on the offensive, so should be any potential target. This is not to say that the local health clinic should start running cyber-attacks on external targets, but it should adopt proactive offensive cybersecurity methods.
Regardless of the evolution of the Russia-Ukraine active war, no one today can predict how far the cyberwar will spread, but anyone could, and should, prepare for it.
What Is Offensive Cybersecurity?
At the turn of the century, the only offensive cybersecurity method available was pen-testing. Though still in use, it is heading for a fate similar to that of fencing as a combat art: fine as a sport, but inefficient at fending off real attacks.
A pen-tester is a hacker attempting to breach a perimeter and escalate an attack within the target infrastructure, checking whether it is possible to gain a foothold, hide and spy, exfiltrate data, and deliver commands, including encryption, or take over with destructive intent.
The aim is to identify the target’s infrastructure security gaps and inform their security teams of the weaknesses spotted.
Today, pen-testing suffers from two major flaws:
- The offensive methods available to a lone pen-tester pale into insignificance compared to the offensive capabilities of modern cyber-attackers, especially nation-state grade attacks.
- The periodic nature of pen-testing is inadequate to cover:
  - connected infrastructure that is in constant flux due to agile development methods;
  - the constantly emerging new threats.
The alternative is security posture management, a generic name for all techniques used to continuously simulate attacks on one’s own infrastructure to identify and, ideally, map potential attack entry points and paths within the infrastructure.
What Are Security Posture Management Tools?
Security posture management is an approach focused on continuously validating the efficacy of the defensive tools' configuration and of the security controls' configuration. To achieve such a goal, it combines two approaches:
- Security Controls Validation – a technology that operationalizes a comprehensive array of simulated attacks aimed at validating that your security controls configuration is fine-tuned to stop them. When integrated with your SIEM and SOAR, it shows which attacks were spotted and/or stopped by your defensive array and, more importantly, which were not.
- Exposure Management – a technology that continuously scans your attack surface looking for weaknesses. In addition, it launches campaigns to assess whether attackers can gain entry and how far they can escalate. Lastly, it assesses your defenses against the latest threats to make sure you can detect and block them.
Both sets of information are highly valuable: missed attacks require immediate attention, while, conversely, evidence that an attack was successfully deflected might justify deferring emergency patching of a CVE despite its high CVSS score.
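The reconciliation described above, as an added illustration that is not Cymulate's code or a description of its product: simulated attacks are joined to SIEM alerts by technique id within a time window, each simulation is classified as blocked, detected or missed, and the outcome drives patch priority for the CVE the simulation exercised. All records, timestamps and CVE placeholders are constructed; the three-level priority mapping (missed is urgent, detected-only is scheduled, blocked is deferrable) is an assumption.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

@dataclass
class Simulation:
    sim_id: str
    technique: str            # ATT&CK technique id, used as the join key to alerts
    ran_at: datetime
    payload_executed: bool    # False: a control stopped the payload on the host
    related_cve: Optional[str] = None

@dataclass
class Alert:
    technique: str
    seen_at: datetime

def classify(sim: Simulation, alerts: List[Alert],
             window: timedelta = timedelta(minutes=15)) -> str:
    """Return 'blocked', 'detected' or 'missed' for one simulated attack.
    An alert matches only if it carries the same technique id and was raised
    within `window` after the simulation started (earlier alerts are stale)."""
    seen = any(a.technique == sim.technique
               and timedelta(0) <= a.seen_at - sim.ran_at <= window
               for a in alerts)
    if not sim.payload_executed:
        return "blocked"
    return "detected" if seen else "missed"

def reconcile(sims: List[Simulation], alerts: List[Alert]) -> Dict[str, str]:
    return {s.sim_id: classify(s, alerts) for s in sims}

def patch_priority(sims: List[Simulation], results: Dict[str, str]) -> Dict[str, str]:
    """Map each exercised CVE to a priority derived from the simulation outcome."""
    level = {"missed": "urgent", "detected": "scheduled", "blocked": "deferrable"}
    return {s.related_cve: level[results[s.sim_id]] for s in sims if s.related_cve}

# Constructed sample data: three simulations and the alerts the SIEM produced.
T0 = datetime(2022, 3, 1, 9, 0)
SIMULATIONS = [
    Simulation("SIM-1", "T1059.001", T0, payload_executed=True),
    Simulation("SIM-2", "T1003.001", T0 + timedelta(minutes=5), payload_executed=False,
               related_cve="CVE-PLACEHOLDER-A"),
    Simulation("SIM-3", "T1021.002", T0 + timedelta(minutes=10), payload_executed=True,
               related_cve="CVE-PLACEHOLDER-B"),
]
ALERTS = [
    Alert("T1059.001", T0 + timedelta(minutes=2)),   # matches SIM-1
    Alert("T1003.001", T0 + timedelta(minutes=6)),   # matches SIM-2 (blocked and alerted)
    Alert("T1021.002", T0 - timedelta(hours=3)),     # stale: predates SIM-3, so no match
]

def run_example():
    results = reconcile(SIMULATIONS, ALERTS)
    return results, patch_priority(SIMULATIONS, results)
```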
How Can Cymulate Help You?
Well, first, Cymulate would like to prevent cyberwar. Any war, in fact. However, that might be too pretentious. But we do stand ready to assist with improving your readiness for cyberwar by providing you with holistic visibility of your attack surface and operationalization of the latest immediate threats, malware, and exploit kits for testing.
To ensure comprehensive coverage, those generic options should be complemented by technologies such as:
- Attack Surface Management (ASM) – ASM emulates an attacker’s reconnaissance phase by comprehensively analyzing the target organization’s exposed assets. ASM scans domains, sub-domains, IPs, ports, etc., for internet-facing vulnerabilities and looks for Open-Source Intelligence (OSINT) usable in a social engineering attack or a phishing campaign. ASM helps organizations understand how hackers might get an initial foothold.
- Immediate Threat Intelligence (ITI) – operationalizes threat intelligence to check resilience against emerging threats with out-of-the-box automated attack scenarios developed by Cymulate researchers as threats emerge. Actionable remediation recommendations are included in the automatically generated technical report.
At a minimum, this will show you where your security gaps are and give you a precise evaluation of the current state of your security posture.
Extended Security Posture Management (XSPM) platforms such as Cymulate integrate all these elements into a single source of truth. Cymulate stands ready to help you immediately with no obligations.
Validate your security posture now.