Partner Insight: Automation is the first stop for sophisticated security

In the current economy, companies must figure out how to do more with less


Demand for automated security solutions has spiked in recent years - but it isn't just the rising volume of attacks driving IT leaders to clamour for AI.

Steve Smith, AVP at Pentera, says the weakening global economy is another driving factor, as is a simple lack of manpower. With the number of threats rising to a record level every year, and IT leaders challenged on multiple fronts, it is little surprise that many have decided to turn to automation to address the security challenge.

We talked to Steve about the state of the security market and why it's so important to understand the attacker's perspective when it comes to designing defences.

Computing: What is behind the rising demand for automated security solutions?

Steve Smith: The main driving force currently is the down economy and lack of manpower.

In the current economic downturn, companies must figure out how to do more with less, and become more efficient. Add to that the general scalability challenges arising as our networks grow faster than ever before, and you understand the mass movement towards automation.

With every new device, tool and service, the attack surface grows in tandem, to the point where it's virtually impossible for IT security teams to maintain a continual solid security posture. To illustrate the escalation of attack surface growth, you need look no further than the proliferation of CVEs. According to the National Institute of Standards and Technology, 20,158 new vulnerabilities were discovered in 2021 alone, representing the fifth year in a row for record vulnerability disclosures. Locating and remediating all the critical instances for each single vulnerability across your network is difficult enough, but scaling that work across the 20,000+ vulnerabilities borders on impossible. The situation becomes even more untenable considering that that volume of vulnerabilities is only from the past year, and vulnerability management is only one aspect of the security teams' responsibilities.

To keep up with the current pace of work, IT teams must be extremely judicious with their time and cannot manually identify every issue across their vast networks. The good news is that automated security solutions today offer new levels of efficiency in terms of the speed of finding security gaps and prioritising them according to their potential impact. The new generation of such solutions breaks away from prioritising vulnerability severity merely based on the Common Vulnerability Scoring System (CVSS) scores by displaying more of an attack chain context, root cause and business risk in plain language.

CTG: Can automated security help protect against major threats like ransomware?

SS: The short answer is yes.

Ransomware attacks have rapidly increased in frequency and severity, with a single attack potentially resulting in millions of dollars' worth of damages. The ransomware attack strategy is predicated on gaining access and encrypting critical data within the network that a company would be willing to pay to recover. Once the adversaries have successfully locked you out of the system, there's really no recourse unless you have a backup and can recover. Therefore, the most important key to stopping a ransomware attack is denying the hackers access and remote code execution (RCE) capabilities altogether.

To stop ransomware, the entire security stack must work as one: tested as one stack against an automated ransomware attack and tuned to allow millisecond response. Security validation is one of those places that helps the automated defences required to combat the automated attacks hackers are now employing.

CTG: What immediate and long-term benefits can IT teams see after adopting automated security?

SS: The primary benefit companies see immediately is increased visibility to find the most critical gaps and reduced reaction time to remediation. The speed and scale that automated solutions are able to search, compared to human counterparts, enables security teams to identify their most critical gaps in a fraction of the time.

Over the long term, automated security enables companies to be far more proactive to improve their cyber resilience and reduce their exposure. With automated security solutions 'manning' traditionally time-consuming tasks, like monitoring and generating relevant alerts about security gaps, the security team can be far more proactive and focus on issues that really need human attention.

CTG: How can an organisation be sure their security software is protecting their entire internal and external attack surface?

SS: The best way to ensure that everything is working the way it should is to test it.

In the financial world companies conduct audits to ensure sufficient and accurate financial reporting and management, and in the cybersecurity world we have pentests. Approaching your organisation from the hacker's perspective, pentests challenge your existing security controls to determine where they are effective and highlight what needs fixing in terms of vulnerability, misconfiguration or exploitability. This provides cybersecurity companies with a clear understanding of their current security posture as well as an actionable roadmap to remediate their issues.

CTG: One of Pentera's USPs is to arm customers with 'the attacker's perspective'. Why is that important?

SS: Today, companies are using a variety of security tools to protect their networks and assets. However, despite all the solutions, the rate of breaches continues to rise.

The issue isn't necessarily that organisations don't have the correct security tools on board; often it's that the security controls aren't delivering on what they promise or are configured in the wrong way. How do you know your firewall or XDR is actually working as advertised? The simple answer is you test them.

The importance of understanding how an adversary can exploit your network is starting to permeate the security world. This past September, CISA (the United States' Cybersecurity and Infrastructure Security Agency) issued guidance recommending that organisations continuously validate their security against the latest MITRE ATT&CK techniques. To understand your true exposure, you need to understand all the techniques and tactics hackers can use to break into your network, and test your existing security solutions against them. CISA recommends testing the network in production rather than simulating stress tests. This enables you to not only see what vulnerabilities or misconfigurations exist within your network, but also understand how hackers can utilise them to breach you and what needs to be done to prevent that. The visibility of your true cyber risk and the resulting remediation roadmap is exactly what Pentera provides.

Pentera's automated security validation platform challenges the organisation's existing security from its external-facing assets all the way to the core of the enterprise. Emulating the real-world techniques and behaviour of hackers, our platform validates your security across the entire cyber kill-chain. Challenging your network security in-production enables security practitioners to understand where their security is effective, where it is vulnerable, and which vulnerabilities are actually exploitable. Pentera provides an actionable roadmap to exposure reduction based on your actual network, and how real-world hackers can exploit it.

This post was sponsored by Pentera
