SecOps Roundtable: Security Validation and the Path to Exposure Management

As cyber threats continue to grow more demanding and catch organizations off guard, it is more critical than ever for blue teams and security operations (SecOps) to stay ahead by maintaining their systems, processes and controls and taking an offensive stance. Many SecOps teams have adopted a proactive approach to today’s threat landscape through security validation, which lets them simulate realistic attacks in a safe environment.

Understanding the impact of compliance regulations on SecOps, how offensive security testing can improve vulnerability management, which strategies and tools help teams stay ahead of emerging threats, and the role SecOps plays in exposure management all contribute to a successful proactive approach.

Key Changes in SecOps Over the Past Decade

According to Markus Flatscher, Senior Security Manager at Raiffeisen Bank International AG, one of the biggest shifts has been the role of the SecOps professional moving from gatekeeper to enabler. SecOps teams had to adopt a more proactive approach to keep pace with rapidly evolving technology, and this repositioned them as consultants, making them more aware of the risks they regularly face and how to mitigate them.

Another challenge Markus raised is one that plagues the whole cybersecurity industry: the news cycle and public access to information. The constant noise of publicly available information leaves SecOps teams under intense pressure, always having to answer additional questions from customers about the latest cyberattacks and whether or not they are affected. These internal pressures add up among stakeholders, making it critical to take a proactive approach on all fronts.

The addition of artificial intelligence (AI) to alleviate manual tasks and improve the efficiency of analysis has been a game changer. According to Raphael Ferreira, Cybersecurity Manager, AI has enabled faster threat detection and penetration tests and has reduced nano tasks.

Why Have Security Teams Moved from a Reactive to a Proactive Approach, and What Are the Benefits?

There are several benefits for a SecOps team in shifting from a reactive to a proactive approach. Raphael points to a core benefit: preventing threats before they occur, minimizing risk and reducing response times. This tactic “helps teams identify vulnerabilities early and improves overall security posture,” says Raphael, which in turn helps reduce the impact of a potential breach.

According to Markus, staying ahead of constantly advancing technology is a must for SecOps teams and is a major component of being proactive. “You have to be aware of what is out there nowadays. At least on a macro scale, otherwise, you’re not able to respond if it actually happens to you,” says Markus. One example Markus gave of how AI and automation are being used at Raiffeisen Bank is a two-layer intake system for the hundreds of security events that take place every day. By implementing AI and automation, the security team is put in an offensive position relative to attackers, processes become more precise, and effort and time go where they are needed.

It’s important to remember that just as SecOps teams are using AI and automation to their advantage, cyber adversaries are using them to gain efficiencies of their own.

Applying Automation to Security Validation

Automated security validation can help identify vulnerabilities and gaps in security software, which in turn exposes overall weaknesses in security posture. By improving threat detection, a SecOps team is able to strengthen its defenses, better understand real-world attack scenarios and respond more quickly to potential threats.

With the adoption of automation, testing can be done as frequently as needed, whether that’s your endpoint security, the security hardening of various operating systems or your security detections. Executing these tests manually, with annual or biannual penetration tests, could only minimally satisfy a regulator. If you want real assurance for yourself, your stakeholders and your customers, implementing automated security validation is the way forward.

Security Control Validation Versus Automated Penetration Testing

According to Markus, the two approaches, and the scopes each can handle, are quite different. With security control validation, a SecOps team is testing what already exists and whether those detections are successful. With penetration testing, whether it is automated or not, the goal is identifying the gaps and missing security coverage right now.

Staying Prepared for Emerging Cyber Threats

How do SecOps teams stay ready for the next inevitable threat? Raphael recommends integrating a threat protection tool feed with your vulnerability management platform so that you are alerted if your assets become compromised. This process helps patch any vulnerable asset quickly, while continuous monitoring provides a proactive approach against other potentially vulnerable assets.

For example, Cymulate can assist in the platform assessment by determining where vulnerabilities exist and identifying false positives and false negatives.

There are also a variety of cloud-based tools that can help SecOps teams strengthen their position, such as Microsoft Azure or Office 365 Defender. Markus recommends not reinventing the wheel when it comes to cloud environments; they already offer a lot of capabilities out of the box, although it takes time to understand how best to apply them in your environment. One of the biggest benefits of the shift to cloud is that more teams gain more control and visibility than they had over earlier generations of hardware.

How Have You Handled Compliance Requirements?

Automated security assessment tools can make light work of compliance requirements and ongoing assurances. Raphael’s experience has taught him to use these tools to create a risk appetite score that he can measure monthly and report to an auditor or controller. This also lets him regularly test the effectiveness of every tool, such as antivirus, EDR and proxies. This automated process gives relief to the red team, since they cannot be used to test every single control that comes across, so it is critical to keep finding less manual ways to execute testing.

Key Takeaways

Managing exposure risk is a 24/7/365 job, and SecOps teams are up against extremely motivated cyber adversaries using the very same AI and automation tools they have access to. Getting and staying ahead is a constant challenge. Identifying and protecting against potential vulnerabilities before they are exploited is where automated security validation can help in a few key ways:

  • SecOps teams keep internal stakeholders and customers informed of any possible system weakness before it becomes a larger issue.
  • With this knowledge they can serve internal communities by creating awareness and training for an overall security-informed culture.
  • Doing so helps set standards and goals for mitigating any potential exposure before it happens.

To learn more about what Markus and Raphael recommend in staying ahead in security validation and how they use exposure management, watch the replay of the webinar here:
