Demand for automated security solutions has spiked in recent years - but it isn't just the rising volume of attacks driving IT leaders to clamour for AI.
Steve Smith, AVP at Pentera, says the falling global economy is another driving factor, as is a simple lack of manpower. With the number of threats rising to a record level every year, and IT leaders challenged on multiple fronts, it is little surprise that many have decided to turn to automation to address the security challenge.
We talked to Steve about the state of the security market and why it's so important to understand the attacker's perspective when it comes to designing defences.
Computing: What is behind the rising demand for automated security solutions?
Steve Smith: The main driving force currently is the down economy and lack of manpower.
In the current economic downturn, companies must figure out how to do more with less, and become more efficient. Add to that the general scalability challenges arising as our networks grow faster than ever before, and you understand the mass movement towards automation.
With every new device, tool and service, the attack surface grows in tandem, to the point where it's virtually impossible for IT security teams to maintain a continual solid security posture. To illustrate the escalation of attack surface growth, you need look no further than the proliferation of CVEs. According to the National Institute of Standards and Technology, 20,158 new vulnerabilities were discovered in 2021 alone, representing the fifth year in a row for record vulnerability disclosures. Locating and remediating all the critical instances for each single vulnerability across your network is difficult enough, but scaling that work across the 20,000+ vulnerabilities borders on impossible. The situation becomes even more untenable considering that that volume of vulnerabilities is only from the past year, and vulnerability management is only one aspect of the security teams' responsibilities.
To keep up with the current pace of work, IT teams must be extremely judicious with their time and cannot manually identify every issue across their vast networks. The good news is that automated security solutions today offer new levels of efficiency in terms of the speed of finding security gaps and prioritising them according to their potential impact. The new generation of such solutions breaks away from prioritising vulnerability severity merely based on the Common Vulnerability Scoring System (CVSS) scores by displaying more of an attack chain context, root cause and business risk in plain language.
CTG: Can automated security help protect against major threats like ransomware?
SS: The short answer is yes.
Ransomware attacks have rapidly increased in frequency and severity, with a single attack potentially resulting in millions of dollars' worth of damages. The ransomware attack strategy is predicated on gaining access and encrypting critical data within the network that a company would be willing to pay to recover. Once the adversaries have successfully locked you out of the system, there's really no recourse unless you have a backup and can recover. Therefore, the most important key to stopping a ransomware attack is denying the hackers access and remote code execution (RCE) capabilities altogether.
To stop ransomware, the entire security stack must work as one: tested as one stack against an automated ransomware attack and tuned to allow millisecond response. Security validation is one of those places that helps the automated defences required to combat the automated attacks hackers are now employing.
CTG: What immediate and long-term benefits can IT teams see after adopting automated security?
SS: The primary benefit companies see immediately is increased visibility to find the most critical gaps and reduced reaction time to remediation. The speed and scale that automated solutions are able to search, compared to human counterparts, enables security teams to identify their most critical gaps in a fraction of the time.
Over the long term, automated security enables companies to be far more proactive to improve their cyber resilience and reduce their exposure. With automated security solutions 'manning' traditionally time-consuming tasks, like monitoring and generating relevant alerts about security gaps, the security team can be far more proactive and focus on issues that really need human attention.
CTG: How can an organisation be sure their security software is protecting their entire internal and external attack surface?
SS: The best way to ensure that everything is working the way it should is to test it.
In the financial world companies conduct audits to ensure sufficient and accurate financial reporting and management, and in the cybersecurity world we have pentests. Approaching your organisation from the hacker's perspective, pentests challenge your existing security controls to determine where they are effective and highlight what needs fixing in terms of vulnerability, misconfiguration or exploitability. This provides cybersecurity companies with a clear understanding of their current security posture as well as an actionable roadmap to remediate their issues.
CTG: One of Pentera's USPs is to arm customers with 'the attacker's perspective'. Why is that important?
SS: Today, companies are using a variety of security tools to protect their networks and assets. However, despite all the solutions, the rate of breaches continues to rise.
The issue isn't necessarily that organisations don't have the correct security tools onboard; often it's that the security controls aren't delivering on what they promise or are configured in the wrong way. How do you know your firewall or XDR is actually working as advertised? The simple answer is you test them.
The importance of understanding how an adversary can exploit your network is starting to permeate the security world. This past September, CISA (the United States' Cybersecurity and Infrastructure Security Agency) issued guidance recommending that organisations continuously validate their security against the latest MITRE ATT&CK techniques. To understand your true exposure, you need to understand all the techniques and tactics hackers can use to break into your network, and test your existing security solutions against them. CISA recommends testing the network in production rather than simulating stress tests. This enables you to not only see what vulnerabilities or misconfigurations exist within your network, but also understand how hackers can utilise them to breach you and what needs to be done to prevent that. The visibility of your true cyber risk and the resulting remediation roadmap is exactly what Pentera provides.
Pentera's automated security validation platform challenges the organisation's existing security from its external-facing assets all the way to the core of the enterprise. Emulating the real-world techniques and behaviour of hackers, our platform validates your security across the entire cyber kill-chain. Challenging your network security in-production enables security practitioners to understand where their security is effective, where it is vulnerable, and which vulnerabilities are actually exploitable. Pentera provides an actionable roadmap to exposure reduction based on your actual network, and how real-world hackers can exploit it.
This post was sponsored by Pentera.