CEOs cite cybersecurity as the biggest threat to the world economy and as a result, the global spend in cybersecurity is expected to surpass $1 trillion by 2021. An enterprise cyber attack can turn into a catastrophe in a matter of hours, potentially damaging any business at any point in time. As we see from the past few years, the greatest have already fallen.
When you think about it, it’s no different from a domestic burglary – a criminal picks the lock on the door and enters the house, avoiding the alarms while searching for the safe. They crack it open, get the jewels and make it out without being caught. In our context, a cyber burglar.
When it comes to malicious hackers, the biggest difference is the number of conductor hallways, vents, shafts, and doors one can use. If you take into account the settings of anti-viruses, firewalls, application firewalls and Windows group policies, etc., it amounts to thousands of parameters. Multiply this complexity when it comes to cloud and heterogeneous environments and it becomes clear that the chances of neglecting a vulnerable security control are very high.
Did We Leave the Door Open?
There is a new rule of equality – everyone is being hacked. If a door is left open, it will be entered. Public websites and applications are exploited as they are released. That’s simply how the internet works in 2020.
The same goes for internal controls. One must assume that at least one point of the organization has been compromised. An attacker will make an attempt on every misconfigured control to progress laterally towards the critical data or services and it only takes one to succeed.
Validation is Calling
The IT network is a living organ constantly undergoing changes – adding and removing users, changing segmentation, new systems, cloud migration -it’s endless. Show me a patch-perfect iron-clad network today and in two-month, I can assure you, its controls will decay in efficacy.
Some people refer to it as instrumentation, others as control validation, but the simplest term is security hygiene. And if it’s hygiene we’re after, misconfigurations is the dirt and it’s often the result of human error.
Our networks are in need of continuous, on-demand testing to ensure controls are kept in tune at all times. As I mentioned earlier, it takes only one misconfiguration for an attacker to progress the attack.
The “Cyber Toothbrush” Rush
An ideal solution should take the form of a ‘crawler’ roaming the network, checking that all controls are enforced and changes have not created weaknesses. For example, Windows Circular Nested Active Directory (AD) Groups, where privileges are misconfigured to enable a regular user to achieve higher privileges than intended, is a hacker’s slam dunk. Are you confident there are none in your network? Only a continuous solution will allow you to answer that question.
Such a solution to this problem is long overdue and many technologies are on the rise to address it. When reviewing them, it’s important to use a few qualifying questions to ensure their operational burden doesn’t cast a shadow over their benefits.
3 Key Requirements for an Ideal Solution
- Fully Automated: Many security validation solutions provide a ‘playbook’ approach to risk validation, repeatedly testing for one known attack vector. Despite various claims of ease of use, these require design, maintenance and constant updates. The ideal tool should have a one-click-to-validate approach.
- Agentless: Part of the pain in information security is managing software agents with the promise of an ultra-lightweight one that you won’t mind. All agent-based systems require installation, documentation and upgrades, providing a weakness by its own right. The ideal tool should work without agent deployment.
- MITRE ATT&CK™: It is key that any cybersecurity validation system is compliant with the evolving matrix of adversary techniques to assure you are covered and validated against them. It’s essential to validate and cover the known and existing threats out there, understand what has been validated against, and evolve with the industry over time.
The Toothbrush Test
The most cost-efficient solution these days is validating your security controls. Whether you have a budget item for this or need to ‘borrow’ from other validation budget items, it’s the most efficient way to make sure you’re at the top of your game with quick and contextualized remediation measures. The ultimate question to ask yourself is, “can I run this solution every day?” The answer should be yes, and the practice should follow suit.
Why Gartner is Calling External Attack Surface Management (EASM) a Critical Functionality
External Attack Surface Management (EASM) tools are not new, but only this year has Gartner named this category as a top trend to keep an eye on in 2022. So, why does the top research & consulting firm think its time has come? The main reason is the relentless expansion of the digital footprint of...
The Good, Bad and Compromisable Aspects of Linux eBPF
2022 discoveries of new privilege escalation techniques Reading this blog will allow you to understand the eBPF mechanism and how a fairly small bug can lead to the compromise of the entire system. Executive summary Modern hacking techniques often use legitimate operating system tools for bad purposes. Such is the potential case with the common...
CVE-2022-22948: Sensitive Information Disclosure in VMware vCenter
New zero-day vulnerability joins a chain of recently discovered vulnerabilities capable of operating an end-to-end attack on ESXi. Organizations should evaluate risk and apply vCenter client patches immediately. Executive Summary Pentera Labs’ Senior Security Researcher, Yuval Lazar, discovered an Information Disclosure vulnerability impacting more than 500,000 appliances running default vCenter Server deployments. This finding is...