CHANGING THE RULES OF THE GAME
from SUSTAINABLE IT
by cxoinsightme
HADI JAAFARAWI, MANAGING DIRECTOR FOR MIDDLE EAST AT QUALYS, ON THREE WAYS TO SEE YOUR TECHNOLOGY SUITE AS CYBER-ATTACKERS DO
The world of cybersecurity is overflowing with metaphor. We talk of “digital trenches”, “barbarians at the gate”, “digital estates” and “perimeters”. Even concepts like “virus” and “attack” are constructs we use to explain what is happening to non-initiates. We try to draw a line from unauthorized digital processes on a server, one that today may not even be in the same building, city, or country as the confused-looking senior executive we are trying to inspire to action.
Cyber cliché is as common as metaphor. “Defenders must get it right every time; attackers just need to get lucky once.” Sound familiar? Of course it does. The GCC’s attack surface has long caused CISOs and their teams to brace for the inevitable. They hunker down in the trenches doing the metaphorical equivalent of firing mortars in the fog — chasing down alerts that lead nowhere while the enemy sneaks through undetected and creates mayhem.
Regional SOCs are undermanned and underequipped. That is why we employ metaphor and cliché. We seek to capture the scale of the problem so line-of-business executives will invest in appropriate tools for asset management, vulnerability scanning, patching and the prevention and remediation of attacks. There are some signs that our colorful messages are getting through. According to PwC, around 43% of Middle East organizations predicted a surge in reportable cyber-incidents in 2022. At the start of this year, 58% of those polled foresaw a spike in investment compared with just 43% at the beginning of 2021.
Irksome and uncanny
Good news, assuming the investment is efficiently targeted. Asset discovery is easy for the assets with which IT and the SOC are familiar. But what about those other assets? The ones currently off radar, but which pose a risk nonetheless? New devices and additions to the network that should be managed from the start often go unnoticed because of the modern splintering of the IT stack. Third-party networks and employees’ personal devices are just two examples. Unfortunately for us, attackers have an irksome and uncanny talent for finding stack elements that are hidden from defenders. So, the prevailing challenge of the modern cybersecurity professional is to duplicate the attacker’s view of their network and add it to their own. Here are three ways to go about this.
1. External penetration testing
This approach has been around for years, but there is a reason it is a classic. An outside team with no preconceptions, incentivised to poke holes in your cyber-curtain, is better placed to find vulnerabilities than the teams or vendors who created them. External teams use the same tools, techniques, and processes as cybercriminals. But pen-testing alone is not enough. It provides only a snapshot of the current security posture and cannot offer ongoing assessment. In the age of hybrid work, employees can add devices every day and business units can strike their own private deals with third-party providers for new cloud-native infrastructure and services. We must go further.
2. Open-source intelligence
As more and more IT assets routinely connect to both company networks and the Internet, they (and the company that permits them access) run the risk of being visible on the Internet. Like a laser-light on the wall, these assets draw an attacker’s eye: they leave behind data to be vacuumed up and analyzed by services like Shodan (Sentient Hyper-Optimized Data Access Network), which bills itself as a search engine for the Internet of Everything but which can be used by pen-testers and cyber-attackers alike.
Such data sources are available to everyone as open-source intelligence (OSINT). Since attackers use them, it only makes sense for defenders to use the same tools to get an idea of their online exposure. Problem assets or issues in IT, OT or IoT can make themselves known. Organizations can add public data to their internal asset lists to make it useful to SOC teams. Those same teams can get useful information on their enterprises’ domains and subdomains, and what assets are registered on those domains. Visibility of this range and depth can show important connections between internal and external assets, giving a far more accurate picture of the technology suite.
3. External attack-surface management
External attack-surface management (EASM) takes the newfound comprehensive view of the technology stack and uses it to detect potential issues or threats over time. By now, the SOC team will have access to information about all the various platforms their organization uses, whether they are cloud-native or hosted internally. This makes it significantly easier to detect potential vulnerabilities, as the security team will also have visibility of configurations and inadequately protected assets.
Now we can flag previously unknown assets when we find that they pose problems. Some may be unauthorized, others merely unapproved. They may be found to be running end-of-support software, exposing open ports, or hosting unsanctioned apps. They may be connecting to suspect domains.
Similar to penetration testing, EASM gives an attacker’s view of the network, but unlike pen-testers, EASM grants insights in real time and over time. When up-to-the-minute visibility is at the beck and call of SOCs, it suddenly becomes possible to fix issues before attackers exploit them. This also leads to a team that is less prone to burnout through alert fatigue.
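The two steps above, adding public OSINT observations to the internal asset list and then flagging unknown assets, unapproved open ports, end-of-support software and connections to suspect domains, can be shown as one reconciliation routine. The script below is an added example written for this article; it is not Qualys, cxoinsight or ColorTokens code. Every record in it is constructed sample data in the shape an Internet-wide scanner such as Shodan reports, and the policy values (owned domains and netblocks, approved ports, the end-of-support list, suspect domains) are placeholder assumptions a real SOC would replace with its own.

```python
"""Reconcile externally visible assets against an internal inventory and
raise EASM-style findings.

Added example for this article; not Qualys, cxoinsight or ColorTokens code.
All records below are constructed sample data and all policy values are
placeholder assumptions.
"""

from dataclasses import dataclass
import ipaddress

# Constructed internal inventory: the assets IT and the SOC already manage.
INTERNAL_INVENTORY = {
    "203.0.113.10": {"name": "web-01", "owner": "platform", "approved_ports": {443}},
    "203.0.113.20": {"name": "mail-01", "owner": "messaging", "approved_ports": {25, 587}},
}

# Constructed external observations, one record per IP/port, in the shape an
# Internet-wide scanner reports them (banner, version, hostnames).
EXTERNAL_OBSERVATIONS = [
    {"ip": "203.0.113.10", "port": 443, "product": "nginx", "version": "1.24.0",
     "hostnames": ["www.example.com"]},
    {"ip": "203.0.113.10", "port": 8080, "product": "Jenkins", "version": "2.1",
     "hostnames": ["ci.example.com"]},
    {"ip": "203.0.113.20", "port": 25, "product": "Postfix", "version": "3.8",
     "hostnames": ["mail.example.com"]},
    {"ip": "203.0.113.55", "port": 3389, "product": "Microsoft RDP", "version": "",
     "hostnames": ["rdp-test.example.com"]},
    {"ip": "198.51.100.7", "port": 443, "product": "Apache httpd", "version": "2.2.34",
     "hostnames": ["old.example.com"]},
]

# Constructed outbound-connection log: (source ip, destination domain).
OUTBOUND_CONNECTIONS = [("203.0.113.55", "update-check.invalid")]

# Constructed policy (placeholders): what counts as "ours", end-of-support
# products keyed by major.minor, and domains already judged suspect.
OWNED_DOMAINS = {"example.com"}
OWNED_NETBLOCKS = [ipaddress.ip_network("203.0.113.0/24")]
END_OF_SUPPORT = {("Apache httpd", "2.2"), ("Jenkins", "2.1")}
SUSPECT_DOMAINS = {"update-check.invalid"}


@dataclass
class Finding:
    ip: str
    kind: str    # unknown_asset | unapproved_port | end_of_support | suspect_domain
    detail: str


def belongs_to_us(ip, hostnames):
    """True if the IP sits in an owned netblock or any hostname is in or under
    an owned domain (the domain/subdomain view the article describes)."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in OWNED_NETBLOCKS):
        return True
    return any(h == d or h.endswith("." + d) for h in hostnames for d in OWNED_DOMAINS)


def is_end_of_support(product, version):
    """Match product plus major.minor against the end-of-support list."""
    major_minor = ".".join(version.split(".")[:2]) if version else ""
    return (product, major_minor) in END_OF_SUPPORT


def enrich_inventory(inventory, observations):
    """Merge public observations into the internal asset list. Managed assets
    gain their externally seen ports and hostnames; assets attributable to us
    but seen only from outside are added as provisional 'discovered' entries."""
    enriched = {ip: {**rec, "status": "managed", "observed_ports": set(), "hostnames": set()}
                for ip, rec in inventory.items()}
    for obs in observations:
        if obs["ip"] not in enriched and not belongs_to_us(obs["ip"], obs["hostnames"]):
            continue  # not attributable to the organisation; ignore
        entry = enriched.setdefault(obs["ip"], {
            "name": None, "owner": None, "approved_ports": set(),
            "status": "discovered", "observed_ports": set(), "hostnames": set()})
        entry["observed_ports"].add(obs["port"])
        entry["hostnames"].update(obs["hostnames"])
    return enriched


def reconcile(inventory, observations, outbound):
    """Produce EASM findings from the enriched inventory."""
    enriched = enrich_inventory(inventory, observations)
    findings = []
    for ip, entry in enriched.items():
        if entry["status"] == "discovered":
            findings.append(Finding(ip, "unknown_asset",
                                    "seen externally but absent from inventory; hostnames: "
                                    + ", ".join(sorted(entry["hostnames"]))))
        else:
            for port in sorted(entry["observed_ports"] - entry["approved_ports"]):
                findings.append(Finding(ip, "unapproved_port", f"port {port} open but not approved"))
    for obs in observations:
        if obs["ip"] in enriched and is_end_of_support(obs["product"], obs["version"]):
            findings.append(Finding(obs["ip"], "end_of_support",
                                    f"{obs['product']} {obs['version']} on port {obs['port']}"))
    for src, dst in outbound:
        if dst in SUSPECT_DOMAINS:
            findings.append(Finding(src, "suspect_domain", f"outbound connection to {dst}"))
    return findings


if __name__ == "__main__":
    for f in reconcile(INTERNAL_INVENTORY, EXTERNAL_OBSERVATIONS, OUTBOUND_CONNECTIONS):
        print(f"{f.ip:15} {f.kind:16} {f.detail}")
```

Run once and the routine is a snapshot, which is the pen-test limitation the article describes; scheduling it against fresh scanner exports and diffing the findings from run to run is what turns the same logic into the over-time view that EASM promises.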
New metaphors
A security team that is armed with all the information available to attackers can think like attackers. In fact, only a team armed with all the information available to attackers can think like attackers. Such teams will have new metaphors: “armed for the fight” and “entering the battlefield with confidence”. And the business, having listened and invested appropriately, is safer from the digital hordes.