Cybersecurity toothbrush

CEOs cite cybersecurity as the biggest threat to the world economy and as a result, the global spend in cybersecurity is expected to surpass $1 trillion by 2021. An enterprise cyber attack can turn into a catastrophe in a matter of hours, potentially damaging any business at any point in time. As we see from the past few years, the greatest have already fallen.

When you think about it, it’s no different from a domestic burglary – a criminal picks the lock on the door and enters the house, avoiding the alarms while searching for the safe. They crack it open, get the jewels and make it out without being caught. In our context, a cyber burglar.

When it comes to malicious hackers, the biggest difference is the number of conductor hallways, vents, shafts, and doors one can use. If you take into account the settings of anti-viruses, firewalls, application firewalls and Windows group policies, etc., it amounts to thousands of parameters. Multiply this complexity when it comes to cloud and heterogeneous environments and it becomes clear that the chances of neglecting a vulnerable security control are very high.

Did We Leave the Door Open?

There is a new rule of equality – everyone is being hacked. If a door is left open, it will be entered. Public websites and applications are exploited as they are released. That’s simply how the internet works in 2020.

The same goes for internal controls. One must assume that at least one point of the organization has been compromised. An attacker will make an attempt on every misconfigured control to progress laterally towards the critical data or services and it only takes one to succeed.

Validation is Calling

The IT network is a living organ constantly undergoing changes – adding and removing users, changing segmentation, new systems, cloud migration -it’s endless. Show me a patch-perfect iron-clad network today and in two-month, I can assure you, its controls will decay in efficacy.

Some people refer to it as instrumentation, others as control validation, but the simplest term is security hygiene. And if it’s hygiene we’re after, misconfigurations is the dirt and it’s often the result of human error.

Our networks are in need of continuous, on-demand testing to ensure controls are kept in tune at all times. As I mentioned earlier, it takes only one misconfiguration for an attacker to progress the attack.

The “Cyber Toothbrush” Rush

An ideal solution should take the form of a ‘crawler’ roaming the network, checking that all controls are enforced and changes have not created weaknesses. For example, Windows Circular Nested Active Directory (AD) Groups, where privileges are misconfigured to enable a regular user to achieve higher privileges than intended, is a hacker’s slam dunk. Are you confident there are none in your network? Only a continuous solution will allow you to answer that question.

Such a solution to this problem is long overdue and many technologies are on the rise to address it. When reviewing them, it’s important to use a few qualifying questions to ensure their operational burden doesn’t cast a shadow over their benefits.

3 Key Requirements for an Ideal Solution

  1. Fully Automated: Many security validation solutions provide a ‘playbook’ approach to risk validation, repeatedly testing for one known attack vector. Despite various claims of ease of use, these require design, maintenance and constant updates. The ideal tool should have a one-click-to-validate approach.
  2. Agentless: Part of the pain in information security is managing software agents with the promise of an ultra-lightweight one that you won’t mind. All agent-based systems require installation, documentation and upgrades, providing a weakness by its own right. The ideal tool should work without agent deployment.
  3. MITRE ATT&CK™: It is key that any cybersecurity validation system is compliant with the evolving matrix of adversary techniques to assure you are covered and validated against them. It’s essential to validate and cover the known and existing threats out there, understand what has been validated against, and evolve with the industry over time.

The Toothbrush Test

The most cost-efficient solution these days is validating your security controls. Whether you have a budget item for this or need to ‘borrow’ from other validation budget items, it’s the most efficient way to make sure you’re at the top of your game with quick and contextualized remediation measures. The ultimate question to ask yourself is, “can I run this solution every day?” The answer should be yes, and the practice should follow suit.

Written by: Amitai Ratzon
Show all articles by Amitai Ratzon
Learn more about automated security validation
Resource center
Get blog updates via email
Trending
Four steps the financial industry can take to cope with their growing attack surface
Four steps the financial industry can take to cope with their growing attack surface

The financial services industry has always been at the forefront of technology adoption, but the 2020 pandemic accelerated the widespread use of mobile banking apps, chat-based customer service, and other digital tools. Adobe’s 2022 FIS Trends Report, for instance, found that more than half of financial services and insurance firms surveyed experienced a notable increase […]

The elephant 🐘 in the cloud
The elephant 🐘 in the cloud

As much as we love the cloud, we fear it as well. We love it because cloud computing services of Amazon, Azure, and Google have transformed operational efficiency and costs, saving us money, time, and alleviating much of the IT burden. We also fear it because as companies moved to the cloud, they found that […]

A new era of tested Cloud Security is here
A new era of tested Cloud Security is here

Cloud computing has fundamentally changed how we operate. It’s efficient and scalable, but it’s not without some problems. Security is the biggest. As we’ve shifted to the cloud, we’ve exposed ourselves to new risks that can’t be ignored. The IBM Cost of a Data Breach 2023 Report points out that 11% of breaches are due […]

Learn more about our platform
Platform