Cyber Insiders-v8-web - Flipbook - Page 9
Traditionally,security assurance activities such as
red team ing and penetration testing have been used
to provide an adversary’s view ofthe organisations
netw ork and system w eaknesses.W hile such activities
w illalw ays be valuable,they do sufferfrom som e
obvious lim itations.Both activities are point-intim e and therefore only provide a snapshotofthe
organisations security posture.Additionally,the
outcom es ofboth activities are directly related to
the com petence ofthe individuals perform ing them .
This is particularly im portantw here organisations use
m ultiple vendors to perform such activities across
large estates,leading to inconsistentresults.
To overcom e these lim itations a new strategy needs
to be em ployed;one thatm onitors,identifies,
m easures and reduces the risks ofa grow ing attack
surface continuously and consistently.
Autom ated attack path analysis can be used to
identify allthe attack vectors thatcould be leveraged
by an adversary to create paths to the organisation’s
criticalassets.Such analysis is perform ed continuously
and consistently by deploying sensors to endpoints
across the organisation’s internalw orkstation and
serverestate.By keeping an open m ind as opposed
to having a specific goalofgetting from A to B,
w e can betterunderstand the num erous routes and
techniques an adversary m ightadopt.
O nce the attack paths have been discovered and
prioritised in term s ofthe risk they pose,the m ost
efficientw ay ofdisrupting them can be provided
– fixing w eaknesses atthe crossroads ofm ultiple
attack paths can disruptm ultiple attack paths w ith
a single fix.
This approach allow s us to enhance the red team ’s
capabilities w hile m aking them m ore efficient.Instead
ofsending them on a w ild goose chase,w e can offer
a m ap ofallthe attack paths as w ellas the security
controls already in place.W e can then leverage the
skills ofthe red team to testthose specific controls by
seeing ifthey can m anually bypass any ofthem .This
creates the perfectopportunity forsynergy betw een
hum ans and technology:the m achines do the w ork
ofassim ilating data atscale to provide visibility,and
the hum ans step in to do w hatthey do best,w hich is
to think laterally.
C YBER IN SID ERS M AG AZIN E - Vol.2
Page
|
9
