Using cyber simulations against cyber attacks
Articles like this about cybersecurity provisions tend to refer to an arsenal of defensive measures, or a quiver of arrows (a.k.a. tools) to mitigate from attack and defend networks.
Granular approaches to cybersecurity continue this stance, regarding each element of the enterprise’s network as somehow separate from others. There are solutions out there which are gateway-based; firewalls, and more recently, web application firewalls (WAFs) to protect enterprises who use significant quantities of XaaS or cloud-based services.
Additionally, individual applications can be protected, as can individual network infrastructure nodes. Users, or biological interfaces, have their own discreet protection types, providing training, education, cyber hygiene routines and endpoint protection.
This latter subset of cybersecurity software and hardware has come about as BYOD IT policies encourage staff to bring their technology into the workplace. Protecting legacy Android installs, group policies for iOS distributions and even Blackberry virus mitigation routines are all now as important as bolstering individual users’ laptops brought in from home.
IT security specialists have a variety of approaches to this miasma of attack vectors open to bad actors. Some companies provide one solution which addresses all available points of possible attack, while some specialize in perhaps one or two.
Look hard enough, and you’ll also find suppliers who add an extra layer of abstraction above different cybersecurity defense technologies, uniting the plethora of different products via API interfaces, bringing all defenses into one centralized dashboard.
Cybersecurity as a subject for study now ranks at least as highly in the aims and objectives of graduating students as was, just a few years ago, fluency in programming languages, or networking knowledge. Many of those specializing in cybersecurity find demand for their skills among the ranks the penetration testers.
“Pen testers” can be regarded as white hats, or “good actors,” armed with many of the techniques and backed by the same knowledge base as the people against whom they are arranged.
Running “traditional” pentest exercises is, however, both costly and detrimental to the day-to-day running of network systems in the enterprise. By ranging attacks against real-life networks, albeit specifically against test-rigs or sandboxed hardware, overheads will always have an impact on the organization’s performance during a testing cycle.
Additionally, pen testing should, ideally, be re-invoked each time there is any change in topology, however seemingly insignificant – new infrastructures mean new attack vectors. Clearly, this is economically unviable.
Therefore, a new breed of cyber security provision has emerged; that of attack simulation.
With this latest raft of provision, entire topologies can be simulated, and multiple attacks can safely take place in software. By modeling real-world instantiations, a holistic view of the network’s security stance can be captured very accurately. Furthermore, what-if modeling can be carried out: will a proposed deployment put the organization at greater risk? What are the safer alternatives?
IT’s new strategic role in the enterprise means that the morphology of networks is in constant flux, as the IT function alters according to strategic business direction.
The fluidity, therefore, of an IT provision means that attack simulations are incredibly useful and powerful, as they can create proposed IT scenarios and test them for security vulnerabilities. This gives the enterprise and opportunity to assess proposed topology changes before they become a reality, and potentially, suggest alterations or improvements.
In today’s IT-driven workplace, even individual teams deployed to discrete projects are within their rights to deploy technology as they see fit. Commissioning software as a service is simple, or adding an adjunct service to an existing application can be quick to spin up — but often without much consideration given to cybersecurity implications.
From the scale of the small changes, up to the enterprise-level digital transformation project or wholesale enterprise architecture realignment, predictive modeling of security stances needs to become an integral part of the planning process.
At Tech HQ, here are three suppliers of attack simulation or testing solutions which, we feel, can provide a next-generation service to security teams.
The Swedish company foreseeti grew out of a research project at the Royal Institute of Technology (KTH), one of Europe’s leading technical universities, in Stockholm.
The company’s product, securiCAD, focuses on threat modeling and cyber risk simulations. securiCAD can reveal both technical and structural vulnerabilities, and allows decision makers to address the robustness of IT architectures.
Foreseeti’s simulation software provides a holistic overview of the entire enterprise infrastructure’s vulnerabilities and can suggest remediation actions. Automated attacks and risk simulations allow its users to take proactive action on the real-life topology before any breach can occur. Using a probabilistic approach for calculating potential cyber risk, the simulations even suggest the most likely kill chains which malware (or a “bad actor”) may follow to move to high-value targets.
The company continues to be research-driven and deploys artificial intelligence in its backend to improve simulations and drive insights overall.
Foreseeti has brought in the concepts of computer-aided design (CAD) and simulation – like stress-tests in construction – from other industries to make infrastructures robust.
Its simulations are highly predictive and allow proactive cybersecurity standards; mandatory to protect even the simplest enterprises network. Read more about foreseeti here.
Of the three companies profiled here, the Lloyds-registered Nettitude is perhaps the most traditional, but also is probably one of the longest-in-the-tooth cybersecurity providers in the marketplace today.
As well as providing consulting services focused around compliance, social engineering, and training, the company offers managed security services and operates its own security operations center (SOC). It also offers an instant response service, either as a stand-alone function or as an adjunct to its other provisions.
Highly qualified, certified engineers offer penetration testing (human-led services), exposing vulnerabilities, possible attack tactics, and proposing methods of defense.
As governance issues spread across the entire organizations (not just in divisions used to red tape, such as finance and legal), almost every area of an organization now has to be vigilant about compliance. Companies wishing, for instance, to become PCI-DSS compliant, can both take consultative guidance from Nettitude, or deploy its proactive services to test network setups.
Like most organizations in the cybersecurity field, Nettitude is well keyed into the cyber threat intelligence network, providing its own reports and threat briefing series of papers and media, with particular emphasis on financial cyber sec reports. The entire cyber defense industry knows that promulgation and propagation of the latest and most effective defensive methods help every online entity today.
Cymulate provides attack simulation services to strengthen and bolster organizations’ cybersecurity postures.
Its platform tests defenses, providing an advanced persistent threat simulation which covers the full cycle of a typical cyber attack.
Beginning with the pre-exploitation stage threat analysis, such as email practice, browsing habits and web application firewall challenges, organizations are provided with the ability to analyze and respond to simulated incidents and develop policies to mitigate potential attack vectors.
Additionally, the company provides post-exploitation modules like hopper, endpoint, and data exfiltration simulations.
The overall offering helps improve awareness amongst employees as well as data security staff, enabling improved awareness of phishing methods, ransomware threats, and other common attacks leveled towards end users.
The company’s attack simulation software solutions are cloud-based and offered as a SaaS. The company was founded by a team of former IDF intelligence officers with long experience in conducting cyberattack counter security operations. By mimicking the latest and most sophisticated cyber attacks, Cymulate can present a real-life picture of the myriad tactics and strategies employed by hackers to attack network infrastructures.
*Some of the companies featured on this article are commercial partners of TechHQ
18 April 2019
18 April 2019
18 April 2019