Gartner Reveals Breach and Attack Simulation Technologies as a Top Cyber Security Solution
Breach and attack simulation technologies have been highlighted as one of the top solutions for CISOs to consider in Gartner’s recent report, ‘How to Respond to the 2019 Threat Landscape’.
With traditional entry points (i.e. malware, phishing and exploit) continuing to top the list for the most successful forms of attack, despite advances in technology, it’s clear that yesterday’s tactics are not cutting the mustard. Gartner revealed that on-going changes in business regularly add new attack surfaces that could create long-term gaps until defence strategies and technologies mature. These challenges pose a significant risk to organisations; together with the increased complexity of IT environments and the rise of sophisticated attacks, that exceed the preventative and detection capabilities of most security teams.
Reducing Your Attack Surface Through Regular Security Effectiveness Testing
In the report, Gartner states that because attacks leveraging known threat vectors continue to evolve, security leaders must be aware that the best security solutions for them at the time of purchase may become “obsolete” against the latest attack variants. For example, the spike in completely fileless attacks could cause the need for new detection capabilities, and a reassessment of existing tools capabilities. According to breach and attack simulation vendor, Cymulate, 67% of the organisations tested are vulnerable against a known threat:
By periodically verifying the effectiveness of security controls, i.e. through data-driven assessments, evidence-based work and simulated exercises, organisations can determine whether the controls are operating as intended. Vulnerability scanning and penetration testing have long been used for system verification checks, but they are not foolproof. Breach and Attack Simulations, in which real-world attacks are recreated, enables organisations to see how their defences perform against existing threats, as well as identifying backdoors and flaws previously unknown.
Attack Simulation vs Traditional Methods: Which is better?
Compare the advantages and disadvantages of attack simulation and traditional methods including penetration testing and vulnerability scanning in our download.
Understanding where your vulnerabilities are and becoming aware of how these can impact business operations could be the difference between reacting to an incident or responding to a breach.
Check Out Our Other Recent Posts >
A critical privilege escalation exploit in Windows Server (CVE-2020-1472), codenamed Zerologon, allows an attacker to become a domain admin, even without any credentials.
Microsoft’s September Patch Tuesday fixes 129 security holes (23 of which are rated ‘critical’) in numerous versions of its Windows operating system and related software. One of the more critical patches could allow remote code execution by sending an email to a victim.
Secrutiny Awarded Position on Crown Commercial Services “Cyber Security Services 3 Dynamic Purchasing System”
We are thrilled to announce that Secrutiny has been awarded a position on Crown Commercial Service’s Cyber Security Services 3 Dynamic Purchasing System (DPS).