Gartner Reveals Breach and Attack Simulation Technologies as a Top Cyber Security Solution
Breach and attack simulation technologies have been highlighted as one of the top solutions for CISOs to consider in Gartner’s recent report, ‘How to Respond to the 2019 Threat Landscape’.
With traditional entry points (i.e. malware, phishing and exploit) continuing to top the list for the most successful forms of attack, despite advances in technology, it’s clear that yesterday’s tactics are not cutting the mustard. Gartner revealed that on-going changes in business regularly add new attack surfaces that could create long-term gaps until defence strategies and technologies mature. These challenges pose a significant risk to organisations; together with the increased complexity of IT environments and the rise of sophisticated attacks, that exceed the preventative and detection capabilities of most security teams.
Reducing Your Attack Surface Through Regular Security Effectiveness Testing
In the report, Gartner states that because attacks leveraging known threat vectors continue to evolve, security leaders must be aware that the best security solutions for them at the time of purchase may become “obsolete” against the latest attack variants. For example, the spike in completely fileless attacks could cause the need for new detection capabilities, and a reassessment of existing tools capabilities. According to breach and attack simulation vendor, Cymulate, 67% of the organisations tested are vulnerable against a known threat:
By periodically verifying the effectiveness of security controls, i.e. through data-driven assessments, evidence-based work and simulated exercises, organisations can determine whether the controls are operating as intended. Vulnerability scanning and penetration testing have long been used for system verification checks, but they are not foolproof. Breach and Attack Simulations, in which real-world attacks are recreated, enables organisations to see how their defences perform against existing threats, as well as identifying backdoors and flaws previously unknown.
Attack Simulation vs Traditional Methods: Which is better?
Compare the advantages and disadvantages of attack simulation and traditional methods including penetration testing and vulnerability scanning in our download.
Understanding where your vulnerabilities are and becoming aware of how these can impact business operations could be the difference between reacting to an incident or responding to a breach.
Check Out Our Other Recent Posts >
SAP has issued patches to fix a critical RECON vulnerability that can lead to total compromise of vulnerable SAP installations. It has been assigned the highest risk score of 10 on the CVSS, the most severe rating possible. It can be launched via HTTP over an internet-facing interface.
Microsoft has disclosed a critical vulnerability that has been around for nearly two decades in the Windows DNS Server. The vulnerability, which allows for remote code execution, affects versions 2003 to 2019, and can be prompted by a malicious DNS response. If exploited an attacker could gain Domain Administrator rights, and compromise the entire corporate infrastructure. Full advisory here…
how can you spot whether a cyber threat is a business risk that needs attention? With forensic level focus… To help you achieve this, we’ve mapped out the seven key focus areas for quantifying and managing risk.