While cyber threats increase daily in volume and sophistication, data breach evaluation – an essential tool for validating the security of corporate and essential infrastructure – has lagged behind. This has left many companies and organizations not knowing whether they are adequately protected against the very latest threats or what urgent steps they need to take to better protect themselves.
A better approach to data breach evaluation is needed, an approach that can truly evaluate the limits of the security protections in place to prevent the very latest complex and sophisticated attacks – with attack vectors that truly replicate what companies are experiencing, for real, on a weekly basis.
The current conventional approach to data breach evaluation is based on simulating cyber-attacks. In its place, we need assessments that use actual attack components, true hacker activity, and malware executables that can test and analyze an organization’s threat landscape against the latest cyber threats. This alternative approach is data breach emulation.
With data breach emulation, assessments are based on the use of actual attack components, real hacker activity and the latest cyber threats, executed across every potential attack surface. The result is a comprehensive, holistic assessment of an organization’s vulnerabilities, across all its platforms and surfaces.
Security assessments: a cornerstone of cyber-defense
No organization would install a new software application or system without extensive testing to see whether it does the job it’s supposed to do. Likewise, no company would launch a new product, be it a car or even a toaster, without first testing that it’s both safe and performs as it should.
Information security is no different. Security assessments are essential to ensure that every possible avenue of attack is properly secured from the very latest cyber-attacks and strategies.
Assessments must ensure that cyber defenses are doing the job they are meant to do. But they also have to identify exactly where defenses are not working and how cybersecurity teams should rectify issues found with the organization’s security posture.
In other words, given the scale and rapidly evolving nature of the cyber challenge facing companies, data breach emulations must provide sophisticated, in-depth analysis and actionable intelligence that covers every part of an enterprise’s information technology (IT) and operational technology (OT) infrastructure.
Challenge too great for Simulation Testing
The reason to switch from data breach simulation is that security is just not coping with the scale, complexity, and speed of change of the data attacks that organizations are now experiencing, and that the attack surface is constantly expanding.
Digital business initiatives incorporating IoT and operational technology as well as mobile and embedded devices have greatly expanded the opportunities for penetration of enterprise systems and data. For companies in different industries, initiatives such as Industry 4.0, real-time logistics and freight management, multi-modal retail, telematics-based insurance, and UBI can be a competitive necessity, but they greatly expand the potential for attackers to penetrate corporate systems.
Another way that the attack surface has expanded has been through increasing requirements for identity authentication. With mobile devices, cloud-based enterprise applications, telecommuting and the increasing trend for teams to work at both on-premise and off-premise locations, identity authentication has become an easier inroad for hackers to compromise enterprise security.
Attacks at these levels of sophistication and complexity, and across such a breadth of attack surfaces, defeat conventional approaches based on simulation testing.
Emulation: a whole-enterprise security assessment approach
In contrast to simulation, data breach emulation uses real-world attacks and strategies that are indistinguishable from live efforts by hackers, rather than simulated, unreal artifacts that rely on stale information.
To be effective in assessing threat landscape defenses to the limit against the latest attacks (whether it be exploits or malware), the emulation approach has to draw on the largest possible, and most up-to-date, repository of real-world attack components. These should include the very latest exploits and malware as well as access to large historical database.
It is the size, range, and frequency of the threat repository that gives data breach emulation its power and a marked advantage over conventional simulation approach.
To be effective, emulation approaches have to be able to operate both laterally and holistically, to generate attacks that present not just standalone, but as composites of different elements drawn from different technologies and platforms. Hackers now take advantage of a broad range of attack surfaces and vulnerabilities created by unforeseen interactions in outward-facing code. To effectively assess cyber defenses, emulation needs the capability to comprehend and validate all potential attack surfaces, including holistic assessments of separate elements to confirm detection of composite attack strategies.
Above all, effective assessments require machine-learning capabilities that can probe iteratively and cumulatively across the range of attack surfaces. Machine-learning-driven testing, supported by a comprehensive threat repository, are key to exhaustive, holistic testing of live production environments.
Finally, analysis and intelligence from data breach emulation must be not only in-depth and comprehensive but also immediately actionable. Fully automated Purple Team assessments must have the ability to assess the whole production environment and immediately identify needed actions and potential issues.
Organizations face data breach threats that are increasingly aggressive, multi-dimensional, and sophisticated; assessing the production network is essential to assuring and adapting cyber defenses against the latest threats.
However conventional data breach simulation is too limited and unsophisticated to assure against the wave of data breach threats that organizations are now facing.
Data breach emulation, driven by massive real-world threat repositories, machine learning techniques, and an adaptive holistic approach to whole enterprise security, is the most advanced means to assure cyber defenses against the range of sophisticated and multi-faceted cyber threats that organizations face today.