[BreachExchange] Strengthen Data Breach Defenses with Emulation Assessments

[Destry Winant]

https://www.infosecurity-magazine.com/opinions/strengthen-emulation-assessments/

While cyber threats increase daily in volume and sophistication, data
breach evaluation – an essential tool for validating the security of
corporate and essential infrastructure – has lagged behind. This has
left many companies and organizations not knowing whether they are
adequately protected against the very latest threats or what urgent
steps they need to take to better protect themselves.

A better approach to data breach evaluation is needed, an approach
that can truly evaluate the limits of the security protections in
place to prevent the very latest complex and sophisticated attacks –
with attack vectors that truly replicate what companies are
experiencing, for real, on a weekly basis.

The current conventional approach to data breach evaluation is based
on simulating cyber-attacks. In its place, we need assessments that
use actual attack components, true hacker activity, and malware
executables that can test and analyze an organization’s threat
landscape against the latest cyber threats. This alternative approach
is data breach emulation.

With data breach emulation, assessments are based on the use of actual
attack components, real hacker activity and the latest cyber threats,
executed across every potential attack surface. The result is a
comprehensive, holistic assessment of an organization’s
vulnerabilities, across all its platforms and surfaces.

Security assessments: a cornerstone of cyber-defense
No organization would install a new software application or system
without extensive testing to see whether it does the job it’s supposed
to do. Likewise, no company would launch a new product, be it a car or
even a toaster, without first testing that it’s both safe and performs
as it should.

Information security is no different. Security assessments are
essential to ensure that every possible avenue of attack is properly
secured from the very latest cyber-attacks and strategies.

Assessments must ensure that cyber defenses are doing the job they are
meant to do. But they also have to identify exactly where defenses are
not working and how cybersecurity teams should rectify issues found
with the organization’s security posture.

In other words, given the scale and rapidly evolving nature of the
cyber challenge facing companies, data breach emulations must provide
sophisticated, in-depth analysis and actionable intelligence that
covers every part of an enterprise’s information technology (IT) and
operational technology (OT) infrastructure.

Challenge too great for Simulation Testing
The reason to switch from data breach simulation is that security is
just not coping with the scale, complexity, and speed of change of the
data attacks that organizations are now experiencing, and that the
attack surface is constantly expanding.

Digital business initiatives incorporating IoT and operational
technology as well as mobile and embedded devices have greatly
expanded the opportunities for penetration of enterprise systems and
data. For companies in different industries, initiatives such as
Industry 4.0, real-time logistics and freight management, multi-modal
retail, telematics-based insurance, and UBI can be a competitive
necessity, but they greatly expand the potential for attackers to
penetrate corporate systems.

Another way that the attack surface has expanded has been through
increasing requirements for identity authentication. With mobile
devices, cloud-based enterprise applications, telecommuting and the
increasing trend for teams to work at both on-premise and off-premise
locations, identity authentication has become an easier inroad for
hackers to compromise enterprise security.

Attacks at these levels of sophistication and complexity, and across
such a breadth of attack surfaces, defeat conventional approaches
based on simulation testing.

Emulation: a whole-enterprise security assessment approach
In contrast to simulation, data breach emulation uses real-world
attacks and strategies that are indistinguishable from live efforts by
hackers, rather than simulated, unreal artifacts that rely on stale
information.

To be effective in assessing threat landscape defenses to the limit
against the latest attacks (whether it be exploits or malware), the
emulation approach has to draw on the largest possible, and most
up-to-date, repository of real-world attack components. These should
include the very latest exploits and malware as well as access to
large historical database.

It is the size, range, and frequency of the threat repository that
gives data breach emulation its power and a marked advantage over
conventional simulation approach.

To be effective, emulation approaches have to be able to operate both
laterally and holistically, to generate attacks that present not just
standalone, but as composites of different elements drawn from
different technologies and platforms. Hackers now take advantage of a
broad range of attack surfaces and vulnerabilities created by
unforeseen interactions in outward-facing code. To effectively assess
cyber defenses, emulation needs the capability to comprehend and
validate all potential attack surfaces, including holistic assessments
of separate elements to confirm detection of composite attack
strategies.

Above all, effective assessments require machine-learning capabilities
that can probe iteratively and cumulatively across the range of attack
surfaces. Machine-learning-driven testing, supported by a
comprehensive threat repository, are key to exhaustive, holistic
testing of live production environments.

Finally, analysis and intelligence from data breach emulation must be
not only in-depth and comprehensive but also immediately actionable.
Fully automated Purple Team assessments must have the ability to
assess the whole production environment and immediately identify
needed actions and potential issues.

Organizations face data breach threats that are increasingly
aggressive, multi-dimensional, and sophisticated; assessing the
production network is essential to assuring and adapting cyber
defenses against the latest threats.

However conventional data breach simulation is too limited and
unsophisticated to assure against the wave of data breach threats that
organizations are now facing.

Data breach emulation, driven by massive real-world threat
repositories, machine learning techniques, and an adaptive holistic
approach to whole enterprise security, is the most advanced means to
assure cyber defenses against the range of sophisticated and
multi-faceted cyber threats that organizations face today.