Intelligent CISO Issue 52 | Page 42

CISOs now have an average of over 70 security controls to manage, an increase of almost double from just four years ago.

EXPERT OPINION

is not working within their programme. A study by PurpleSec found that 75% of companies infected with ransomware were running up-to-date protection, showing that uninformed defences are not effectively testing and validating the controls they already have, a solution that goes beyond investing in additional tools that further overcomplicate the system.
Automating cybersecurity defences
Organisations aiming to get the best out of their security controls should be running a threat-informed defence, utilising automated platforms such as Breach-and-Attack Simulation (BAS) to continuously test and validate their system. Like minute-by-minute fire drills, BAS garners performance data on which controls are failing, allowing organisations to remediate the gaps in their defence and gain data-driven insight into their cybersecurity readiness. Last year, Gartner included BAS in its list of top security and risk management trends of 2021 due to its ability to help proactively identify and resolve gaps in security postures.

Security Optimization Platforms such as BAS can utilise knowledge bases such as MITRE ATT&CK to simulate attack paths in a real-world environment. This process runs attack graphs based on the techniques, tactics and procedures (TTPs) used by bad actors, collecting valuable performance data and arming organisations with information on how well their security programme is performing against known threats. An example of this is MuddyWater, an Iranian threat group that has historically targeted the telecommunications sector.
The MITRE ATT&CK framework can list and inform security teams of commonly used techniques to, for example, bypass User Account Control (UAC) or enumerate domain users.
Purple teaming
The MITRE ATT&CK platform acts as a single repository of threat behaviour that security teams can use to align their testing around a common threat framework. Commonly, security teams made up of offensively oriented red teams and defensively oriented blue teams conduct testing infrequently and are often adversarial in nature, which can