Five years ago to date, Cymulate was one of the pioneers in the Breach and Attack Simulation (BAS) market, offering emerging technology to automate attack simulations launched against security controls and optimize them. The quick adoption was promising yet organizations were looking for additional value beyond security controls validation and insights - mostly concerning the bigger picture and how to leverage the data gathered. Assessing or validating is no longer sufficient without some analytics and management tools.
The cybersecurity industry is based on the principle that hackers are usually one step ahead and defenders are a step behind. To try and flip it around, businesses took steps in order to understand where their security posture is weak and vulnerable. For instance, automated testing in the application development lifecycle (continuous but not comprehensive) or penetration testing services (comprehensive but not continuous).
Pen-testing exercises are expensive, time and resource-consuming, and short-lived, since in today’s dynamic information environment many of the recommendations are outdated quickly.
There are different approaches to do offensive testing. All are important.
Time and time again we hear from security professionals and executives that different teams utilize different approaches and a full-stack solution combining those approaches is really what they need to get a holistic view of the current state of the security posture.
Red Teams focus on automating penetration campaigns end to end and Purple Teams on customizing attacks and complex attack scenarios. Many vendors focus on one or two of the above and provide their customers with a partial picture.
Comprehensive, end-to-end validation is a must. However, this too leaves the organization with yet another unmanaged list of action items to act upon. Extended Security Posture Management (XSPM) is the next generation of the Breach and Attack Simulation (BAS) and Continuous Security Validation tools. It’s a management platform that includes analytics, insights, intuitive control dashboards, and above all – some automation and integration. Such XSPM platforms should be flexible to support different skills and companies’ security maturity levels.
Our holistic approach not only brings together all the automated continuous testing methods but also adds the control and prioritization plane with management capabilities required to have a fact-based discussion on cybersecurity in light of business needs while providing the security team prescription for a remedy. For example, vulnerability prioritization technology - the ability to connect to vulnerability scanners in order to reflect the most urgent vulnerabilities to patch, thus improving prioritization and resource optimization, eventually creating a better cybersecurity posture.
Whatever solution you choose, make sure you can do the following:
Remove assumptions, prove you are secure end-to-end.
To find out if your organization is protected against the latest malware attacks, run Cymulate's Immediate Threat Assessment. This allows you to test and verify by yourself if your organization is exposed to these attacks. It also offers suggestions for mitigations in case it turns out that your organization is indeed vulnerable. Also, IOCs are available at the Cymulate UI!
Stay cyber safe!
Ben Zilberman is Cymulate’s Director of Product Marketing. Ben has a diverse experience of over a decade in cybersecurity, where he has led channel programs and sales operations teams as well as product marketing. Ben holds a BA in Economics and a MBA from Tel Aviv University.