Cybersecurity toothbrush

CEOs cite cybersecurity as the biggest threat to the world economy and, as a result, global spending on cybersecurity is expected to surpass $1 trillion by 2021. An enterprise cyber attack can turn into a catastrophe in a matter of hours, potentially damaging any business at any point in time. As the past few years have shown, even the largest organizations have already been breached.

When you think about it, it’s no different from a domestic burglary: a criminal picks the lock on the door and enters the house, avoiding the alarms while searching for the safe. They crack it open, take the jewels and get out without being caught. In our context, this is a cyber burglar.

When it comes to malicious hackers, the biggest difference is the sheer number of hallways, vents, shafts and doors they can use. Once you take into account the settings of anti-virus, firewalls, application firewalls, Windows group policies and so on, it amounts to thousands of parameters. Multiply that complexity for cloud and heterogeneous environments and it becomes clear that the odds of neglecting a vulnerable security control are very high.

Did We Leave the Door Open?

There is a new rule of equality – everyone is being hacked. If a door is left open, it will be entered. Public websites and applications are exploited as they are released. That’s simply how the internet works in 2020.

The same goes for internal controls. One must assume that at least one point of the organization has been compromised. An attacker will make an attempt on every misconfigured control to progress laterally towards the critical data or services and it only takes one to succeed.

Validation is Calling

The IT network is a living organism constantly undergoing change: adding and removing users, changing segmentation, new systems, cloud migration. It’s endless. Show me a patch-perfect, iron-clad network today and in two months, I can assure you, the efficacy of its controls will have decayed.

Some people refer to it as instrumentation, others as control validation, but the simplest term is security hygiene. And if it’s hygiene we’re after, misconfigurations are the dirt, and they are most often the result of human error.

Our networks are in need of continuous, on-demand testing to ensure controls are kept in tune at all times. As I mentioned earlier, it takes only one misconfiguration for an attacker to progress the attack.

The “Cyber Toothbrush” Rush

An ideal solution should take the form of a ‘crawler’ roaming the network, checking that all controls are enforced and that changes have not created weaknesses. For example, circular nested Windows Active Directory (AD) groups, where the nesting is misconfigured so that a regular user ends up with higher privileges than intended, are a hacker’s slam dunk. Are you confident there are none in your network? Only a continuous solution will allow you to answer that question.
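As an added illustration of the kind of check such a crawler would run (example code, not from the original post or any product it describes), the following finds circular nested groups in a constructed snapshot of AD group nesting, flags loops that contain a privileged group, and computes which groups a given group effectively inherits membership of. The group names and the nesting map are constructed sample data.

```python
"""Added example (not from the original post): a small 'crawler' check for
circular nested Active Directory groups, run on a constructed snapshot."""

# Constructed snapshot: group -> groups that are direct members of it.
# The "Domain Admins" -> "Helpdesk" -> "Domain Admins" loop is the misconfiguration:
# every group in a loop shares the same effective membership.
NESTING = {
    "Domain Admins": ["Helpdesk"],
    "Helpdesk": ["Interns", "Domain Admins"],
    "Interns": [],
    "Finance": ["Interns"],
}
PRIVILEGED = {"Domain Admins"}  # constructed list of groups that must not be widened


def find_cycles(nesting):
    """Depth-first search returning each nesting loop as a list of group names."""
    cycles, state = [], {}  # state: group -> "active" (on current path) | "done"

    def visit(group, path):
        state[group] = "active"
        path.append(group)
        for child in nesting.get(group, []):
            if state.get(child) == "active":  # back edge: we closed a loop
                cycles.append(path[path.index(child):])
            elif child not in state:
                visit(child, path)
        path.pop()
        state[group] = "done"

    for g in nesting:
        if g not in state:
            visit(g, [])
    return cycles


def effective_groups(nesting, group):
    """Groups whose membership 'group' inherits by being nested in them (transitively)."""
    parents = {g: [p for p, kids in nesting.items() if g in kids] for g in nesting}
    seen, stack = set(), [group]
    while stack:
        for p in parents.get(stack.pop(), []):
            if p not in seen:
                seen.add(p)
                stack.append(p)
    return seen


def privileged_loops(nesting, privileged):
    """Loops containing a privileged group: the whole loop, and anything nested
    beneath it, is effectively privileged."""
    return [c for c in find_cycles(nesting) if privileged & set(c)]
```

Running `privileged_loops(NESTING, PRIVILEGED)` on the sample reports the Domain Admins/Helpdesk loop, and `effective_groups(NESTING, "Interns")` shows that members of Interns inherit Domain Admins membership through it.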

A solution to this problem is long overdue, and many technologies are emerging to address it. When reviewing them, it’s important to ask a few qualifying questions to ensure their operational burden doesn’t cast a shadow over their benefits.

3 Key Requirements for an Ideal Solution

  1. Fully Automated: Many security validation solutions provide a ‘playbook’ approach to risk validation, repeatedly testing for one known attack vector. Despite various claims of ease of use, these require design, maintenance and constant updates. The ideal tool should have a one-click-to-validate approach.
  2. Agentless: Part of the pain in information security is managing software agents, each sold with the promise of being so lightweight you won’t mind it. All agent-based systems require installation, documentation and upgrades, and are a weakness in their own right. The ideal tool should work without deploying agents.
  3. MITRE ATT&CK™: Any cybersecurity validation system should be aligned with the evolving matrix of adversary techniques, so that you know which techniques you are covered and validated against. It’s essential to validate against the known, existing threats, to understand what has been validated, and to evolve with the industry over time.

The Toothbrush Test

The most cost-efficient investment these days is validating your security controls. Whether you have a budget item for this or need to ‘borrow’ from other validation budget items, it’s the most efficient way to make sure you’re at the top of your game, with quick and contextualized remediation measures. The ultimate question to ask yourself is, “can I run this solution every day?” The answer should be yes, and the practice should follow suit.

Written by: Amitai Ratzon