Red team experts share insights on how organizations can use proactive security as a weapon and explore emerging technologies that support this.

Using Proactive Security to Stay Ahead of Adversaries

As cybercrime and nation-state hacking teams continue to evolve to evade detection, security operations teams must ensure they stay one step ahead of adversaries by employing proactive security practices.

Proactive security is an evolution beyond simply trying to prevent risks and react to them after they occur. Rather, it focuses on reducing cybersecurity risk by trying to anticipate risks before they occur. Typically, this approach involves modern technologies such as attack surface management, incident simulation, and vulnerability management.

It also requires organizations to understand the value of their assets from the perspective of adversaries so they can prioritize the protection of the most important assets instead of simply deploying security tools.

Prioritizing Resources According to the Threats Faced

Organizations may need to plan and prioritize differently according to whether they are facing threats from nation-state actors or financially motivated criminals.

However, Zack Hoffman, Director of Professional Security Services at CyberMaxx, points out that these threats are not always as different as they may seem. He underscores the importance of continually monitoring activity on the dark web and looking closely at the risks that users are being exposed to.

“Doing regular tabletop exercises and actually practicing what you would do in some of these different attacks is instrumental in making sure that your organization and your teams are prepared,” says Hoffman. “Actually putting your policies into practice and testing them is the best way to kind of prepare your own teams for that activity.”

Proactive Security for Small Organizations

While large organizations often have ready access to the budgets and resources required to carry out these exercises, smaller organizations often find it challenging to justify security budgets.

Organizations that haven’t experienced major incidents may find justifying their budgets to management to be especially challenging.

However, proactive measures like penetration testing and continuous automated red teaming can help these organizations build the case for increased security investment.

Emerging Attack Techniques That Organizations Should Be Simulating

Organizations can get ahead and figure out what kind of emerging attack techniques they should be simulating by staying up to date with industry news.

For instance, in recent years, attacks on the cloud environment have been on the rise. Hoffman says that securing Azure, AWS, and GCP Cloud services is vital for organizations. “Being able to simulate and do assessments against the cloud infrastructure is huge,” he says. “Emulating different Red Team operations in cloud environments is probably the place where I would start.”

Detecting Adversaries by Monitoring Common Entry Points

Organizations can also benefit from deploying deception technologies to monitor and detect unauthorized access to IoT and OT devices, as these can often be overlooked and unprotected and can provide entry points for adversaries.

“A lot of times, we deploy deception hardware out into customers’ environments to mimic their IoT devices so that if somebody’s accessing those and is unauthorized, we get alerts on it,” says Hoffman. “Then we know to go hunt for that activity in their environment on their other IoT devices or from a network traffic perspective.”
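The decoy approach Hoffman describes rests on one property: nothing legitimate ever talks to a decoy, so any connection is an alert worth hunting on. The following is an added example, not CyberMaxx code or hardware: a minimal TCP decoy that presents a constructed embedded-device login banner, records whoever connects and what they first send, and emits an alert record a hunter can pivot on in the SIEM. The banner text, the loopback address and the probe client are all assumptions made for the demonstration.

```python
import socket
import threading
import time
from datetime import datetime, timezone

# Constructed banner imitating a generic embedded-device login prompt (an assumption, not any real device).
DECOY_BANNER = b"\r\nBusyBox v1.36 built-in shell (ash)\r\nlogin: "

def make_alert(peer, data):
    """Every touch of the decoy is suspect: no production system has any reason to connect to it."""
    return {
        "ts": datetime.now(timezone.utc).isoformat(),
        "src_ip": peer[0],
        "src_port": peer[1],
        "first_bytes": data[:64].decode("ascii", "replace"),
        "severity": "high",
        "hunt": f"pivot on {peer[0]}: other IoT/OT connections and lateral movement in SIEM/EDR",
    }

class Decoy:
    """Minimal TCP decoy: accepts a connection, sends the banner, records what the client sends."""
    def __init__(self, host="127.0.0.1", port=0):  # port 0 lets the OS pick a free port
        self.sock = socket.socket()
        self.sock.bind((host, port))
        self.sock.listen(5)
        self.sock.settimeout(0.2)  # short accept timeout so the serve loop can check for stop
        self.port = self.sock.getsockname()[1]
        self.alerts = []
        self._stop = threading.Event()
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, peer = self.sock.accept()
            except socket.timeout:
                continue
            with conn:
                conn.settimeout(1.0)
                conn.sendall(DECOY_BANNER)
                try:
                    data = conn.recv(256)  # capture the probe's first input (e.g. a username guess)
                except socket.timeout:
                    data = b""
                self.alerts.append(make_alert(peer, data))

    def wait_for_alerts(self, n, timeout=3.0):
        deadline = time.monotonic() + timeout
        while len(self.alerts) < n and time.monotonic() < deadline:
            time.sleep(0.05)
        return list(self.alerts)

    def stop(self):
        self._stop.set()
        self._thread.join()
        self.sock.close()

def touch_decoy(port, payload=b"admin\r\n"):
    """Constructed client standing in for an unauthorized probe; returns the banner it was shown."""
    with socket.create_connection(("127.0.0.1", port)) as c:
        banner = c.recv(256)
        c.sendall(payload)
    return banner
```

In a real deployment the alert record would be shipped to the SIEM rather than kept in memory, and the decoy would sit on the same network segment as the IoT devices it imitates.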

Overcoming Budget Limitations Using Existing Tools

Some organizations are getting creative by using their existing security information and event management (SIEM) and endpoint detection and response (EDR) tools for threat hunting in an effort to be proactive, even if they don’t have the budget for more advanced proactive security solutions.

However, this requires highly specialized security analysts, who are in short supply. Even when organizations do manage to hire experienced analysts, getting them up to speed can be a long process. “It takes time for threat hunters to understand your environment and know what they’re looking for or what the anomalies are,” says Hoffman.

Hoffman also highlights the benefits of vulnerability risk management programs. “Knowing what your assets are, and also knowing which ones are vulnerable, where patches may need to be applied, and prioritizing your vulnerabilities to help reduce your risk surface is an important part of being proactive as well as reactive,” says Hoffman.

The Benefits of Managed Service Providers

Managing and utilizing these tools to their full potential and using them to carry out threat hunting effectively requires an immense amount of skill.

As a result, more organizations are turning to Managed Service Providers (MSPs) to protect their organizations against threat actors by carrying out real-time monitoring. This approach provides 24/7 coverage against threat actors, who are working around the clock to take advantage of vulnerabilities.

Using AI to Detect Suspicious Behavior

Many vendors are now incorporating AI-driven solutions such as Natural Language Processing (NLP) to identify suspicious behavior that falls outside the baseline of normal activity.

“AI is a force multiplier. It can pull more relevant data associated with the alert that analysts are looking at,” says Hoffman. “It incorporates the different feed data and threat intelligence data that you may have in your databases to immediately give that analyst a snapshot of activity that may be related.”

Despite progress in AI, Hoffman says he does not believe it will ever get to the point where it can replace the need for important manual threat analysis work.

Improving Organizational Resilience with MDR

As the panel draws to a close, Hoffman reiterates the benefits of using MDR providers. “It’s a great source of talent for organizations that don’t have the time or know-how to recruit that kind of talent,” he says. “It really enables you to have a more secure posture.”

Finally, he underscores the importance of regular internal and external penetration testing for all organizations. “I think it’s a necessity in this day and age to really make sure that your business is resilient,” he says.