This blog's content was updated on Sept. 23, 2020.
Continuous security validation is the practice of challenging, measuring and optimizing the effectiveness of an organization's security controls, infrastructure configurations, policy enforcement, and more on an ongoing basis.
Also called “security effectiveness testing,” continuous security validation aims to enable constant optimization of an organization's security stack by testing it in production and giving security teams immediately actionable insights for taking corrective measures.
It achieves this goal by automating a comprehensive range of simulated threats, payloads and attack tactics and techniques to uncover security gaps, weaknesses and misconfigurations that may be exploited by potential adversaries.
Continuous security validation is performed using automated technology such as breach and attack simulation (BAS). According to a SANS Institute poll, 28% of security professionals currently use BAS to test their security controls.
Information security is moving from binary, point-in-time decisions toward a more continuous and adaptive approach to implementing security strategies. In line with that shift, continuous cyber risk assessment has emerged to address IT environments that are in constant flux and an evolving threat landscape that requires greater focus and resources on early detection and response, rather than relying primarily on prevention (see Gartner’s CARTA model).
By implementing continuous security validation, organizations can better address the following:
Figure 1: Continuous security testing helps defend against the latest threats faster
Figure 2: Continuous testing enables tweaking controls against state-sponsored APT groups
In a nutshell, imagine that you have at your disposal the accumulated skills of all your potential adversaries. Instead of wreaking havoc, they tell you where their attacks were successful and what you can do about it, and they do it on demand or all the time.
How is this achieved? Cymulate Research Labs stays abreast of the very latest threats and techniques, updating the platform daily with Immediate Threats Intelligence. They reference atomic executions and attack vectors against the MITRE ATT&CK Framework so that you can assure complete coverage. The Framework also serves as a common language that can be used internally or with security service and technology providers. Together, these platform capabilities enable organizations to rapidly assess their resilience against a comprehensive set of attack simulations and the latest threats.
Using automated breach and attack simulation, security teams:
Figure 3: Continuous Security Testing in 4 Steps
The latest string of ransomware hold-ups, business email compromises and state-sponsored APT campaigns requires a shift in cyber security strategy. By continually challenging their security controls, uncovering weak spots and tuning the controls to improve their effectiveness, security teams can continually shrink their attack surface and improve their organization’s overall security posture.
Cymulate blog articles by Mor Ahuvia.