Introducing the attacker’s perspective for securing the modern enterprise
“True cyber security is preparing for what’s next, not what was last.” – Neil Rerup, President and Chief Security Architect of Enterprise Cyber Security Architect, USA.
No matter how heavily organizations invest in their cybersecurity, digital breaches are becoming increasingly common, targeted and sophisticated. Clearly, the threat landscape is evolving at an alarming pace, as cybercriminals craft novel ways to exploit vulnerabilities in business systems. To counter this, enterprises are expending every effort to build strong defensive measures.
Unfortunately, most existing cybersecurity solutions are simply not adequate for the types of risks that are constantly emerging. So, how does an enterprise build a robust cybersecurity posture that is always one step ahead of bad actors?
In this blog post, we'll be discussing and answering the three core questions that every leader needs to consider when building a future-ready security posture for their organizations.
- What is the risk visibility of your business?
- What do you need to prioritize?
- How do you validate the fixes?
1. Risk visibility: How secure are the critical assets of my business?
The first thing to assess is your risk visibility, and to do so it is important to consider the issue from an attacker’s perspective, because while defenders think in lists, attackers think in graphs. They first identify a breach point on the attack surface. This could be a firewall with an open port or an area of vulnerability that can be exploited. Any over-permissioned user, open RDP session or even a misconfigured AWS bucket can become the chosen pathway to compromise critical assets. All these breach points can be mapped on a graph, as each offers a different level of access.
Defenders, on the other hand, adopt a more linear approach to safeguarding their security perimeters. There may be multiple security tools, but they are fragmented by architecture. Existing security operations may also be burdened with siloed ‘false positive’ alerts, which leads to wasted human effort and unoptimized resource utilization.
For effective risk visibility, we must understand the likelihood of compromise and the potential impact on business-critical assets. We need answers to key questions such as:
- What can be compromised today?
- What is the likelihood of that happening?
- What is the aggregate impact?
- What is the level of operational risk?
2. Prioritization: Where do I start?
It bears repeating that firms must approach attack path management from an attacker’s point of view. Until recently, most enterprises sought to uncover known vulnerabilities in their digital environments through point-in-time risk assessments. The increase in exploitable vulnerabilities, coupled with dynamic customer networks, means this point-in-time approach is no longer enough to protect an enterprise’s critical assets.
Vulnerability management, as it stands today, requires a recalibrated approach—primarily through its processes of vulnerability discovery and prioritization. In the past, cybersecurity solutions have identified exploitable vulnerabilities through CVSS scoring. This approach focuses on the risk inherent to the critical asset, instead of the risk towards the critical asset. But without a detailed understanding of the pre- or post-conditions, the attack path, or the most at-risk assets (the choke points), security teams find it nearly impossible to determine the areas with the highest risk exposure. As a result, they struggle to block attack paths at key junctures and eliminate risk without expending a huge amount of effort.
When you know exactly where your highest risk exposures lie, you can focus remediation actions there. In fact, research shows that when you know where to disrupt attack paths, you encounter 80% fewer issues to remediate.
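To make the "lists versus graphs" point concrete, here is an added example (not HCLTech or XM Cyber code) that models a small, constructed attack graph from an internet-facing breach point to a critical database, enumerates every attack path, and ranks remediation candidates two ways: by a standalone CVSS-style score per node, and by how many attack paths each node sits on (the choke point). The node names, edges and scores are all constructed for illustration.

```python
"""Choke-point prioritization on a constructed attack graph.

An edge "a -> b" means an attacker who controls a can reach b (for example
via reused credentials, an open RDP session or an over-permissioned role).
The graph, node names and severity scores below are constructed sample
data, not a real environment.
"""
from collections import Counter

# Constructed sample graph: breach point "internet", critical asset "db-prod".
EDGES = {
    "internet": ["web01", "vpn", "mail01"],
    "web01": ["app01"],
    "mail01": ["svc-account"],
    "vpn": ["jump01"],
    "app01": ["svc-account"],
    "jump01": ["svc-account", "admin-ws"],
    "svc-account": ["db-prod"],
    "admin-ws": ["db-prod"],
    "db-prod": [],
}

# Constructed standalone severity per node (CVSS-like, 0-10). This is the
# "risk inherent to the asset" view the text describes.
CVSS = {"web01": 9.8, "admin-ws": 8.8, "vpn": 7.5, "mail01": 7.2,
        "app01": 6.1, "jump01": 5.3, "svc-account": 4.0, "db-prod": 0.0}


def all_paths(graph, src, dst):
    """Return every simple path from src to dst using depth-first search."""
    paths = []

    def dfs(node, visited, path):
        if node == dst:
            paths.append(list(path))
            return
        for nxt in graph.get(node, []):
            if nxt not in visited:
                visited.add(nxt)
                path.append(nxt)
                dfs(nxt, visited, path)
                path.pop()
                visited.remove(nxt)

    dfs(src, {src}, [src])
    return paths


def choke_points(graph, entry, asset):
    """Count, for each intermediate node, how many attack paths pass through it."""
    paths = all_paths(graph, entry, asset)
    counts = Counter(node for p in paths for node in p[1:-1])
    return dict(counts), len(paths)


def remaining_paths_after_fix(graph, entry, asset, fixed):
    """Remove a remediated node from the graph and recount paths to the asset."""
    pruned = {n: [m for m in nbrs if m != fixed]
              for n, nbrs in graph.items() if n != fixed}
    return len(all_paths(pruned, entry, asset))


def rank_by_cvss(scores):
    """Naive list-based prioritization: highest standalone score first."""
    return sorted(scores, key=scores.get, reverse=True)


def rank_by_choke_point(graph, entry, asset):
    """Graph-based prioritization: node on the most attack paths first."""
    counts, _ = choke_points(graph, entry, asset)
    return sorted(counts, key=lambda n: (-counts[n], n))


if __name__ == "__main__":
    counts, total = choke_points(EDGES, "internet", "db-prod")
    print(f"{total} attack paths from internet to db-prod")
    print("CVSS ranking:       ", rank_by_cvss(CVSS)[:3])
    print("choke-point ranking:", rank_by_choke_point(EDGES, "internet", "db-prod")[:3])
    for candidate in (rank_by_cvss(CVSS)[0], rank_by_choke_point(EDGES, "internet", "db-prod")[0]):
        left = remaining_paths_after_fix(EDGES, "internet", "db-prod", candidate)
        print(f"fixing {candidate!r} leaves {left} of {total} paths open")
```

On this sample, the CVSS list puts the 9.8-scored web server first, yet fixing it closes only one of four paths; the low-scored service account sits on three of the four paths, so remediating it first leaves a single path open. That gap between "highest score" and "most paths disrupted" is the prioritization argument the section makes.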
3. Validation: Has it been fixed?
From internal and external threat detection and prevention to regulatory compliance, connected businesses require a resilient security framework that offers both flexibility and enterprise-wide coverage. To thrive in a dynamic threat landscape, it is imperative for enterprises to not just remediate once but also to continuously validate the fixes and ensure the closure of any open attack path. Purple teaming is another cyber security strategy that is incredibly effective when it comes to validating our existing defense frameworks. It incorporates both the attacker’s and the defender’s perspectives. Purple teaming approaches cyber threats from opposing angles to carry out simulations that assess and improve an organization’s defense capabilities. From simulating attacks to identifying exposure areas, remediating through attack-based prioritization to validating mitigations—enterprises are now fully cognizant of the need for end-to-end security solutions.
The roadmap to a secure digital fortress
Businesses need to evolve their defense and resiliency posture by investing in security frameworks that drive productivity and enable remote working. HCLTech’s Managed Attack Path Simulation (MAPS) offering detects the widest range of potential hybrid attack paths by safely simulating breaches towards critical assets for enhanced readiness and resilience. It is a SaaS-based service powered by XM Cyber that leverages advanced analytics to uncover potential attack paths across the entire network by virtually exploiting vulnerabilities, misconfigurations, and poor IT hygiene.
With this approach, HCLTech helps enterprises maintain a continuously evolving risk exposure mitigation model by uncovering hidden attack paths to businesses’ critical assets, identifying security control gaps and prioritizing security exposures so organizations can focus on what matters most. Delivered out of our global cyber security fusion centers (CSFC), MAPS also brings multi-domain security expertise to the table, which allows for prioritized risk mitigation and offers ongoing actionable remediation guidance, proactive governance, and coordination. By deploying HCLTech MAPS, enterprises can partner with a proven, cost-effective ecosystem enabler to fortify their digital fortress, ensure the protection of their digital assets, and drive bottom-line growth.