The already growing risk of falling victim to a cyber-attack, be it from criminals powered by greed or financed by aggressive competitors, hacktivists who deem your activity harmful to their particular brand of idealism or nation-states bent on destabilizing states’ economy or proper functioning has now been raised a notch by the Russian offensive in Ukraine. As such, raising the effectiveness of cyber defense has never been more critical. To achieve optimal defense, there are four critical angles to consider. Visibility, verification, vigilance, and validation. These are the four angular stones of an effective security posture architecture. 1. Visibility The core concept behind the visibility angle is obtaining a 360° visibility of all assets that a cyber-attacker could potentially use to gain an initial foothold in your infrastructure. This sounds obvious, but the combination of rapid development, with its collateral of rapid code obsolescence, holds the potential of leaving unmonitored discarded assets that could be used as a point of entry. Other elements, such as publicly available email addresses, that could be used for spear phishing, or even mere phishing attacks, must also be monitored. Any unmonitored exposed asset poses a potential risk and, with the continued growth and complexity of cyber-attacks, covering all assets is a critical first step in security posture management. Attack Surface Management solutions that continuously scour the Internet to identify all exposed assets of an organization are the most advanced go-to option to ensure complete visibility into what an attacker sees. 2. Verification The core tenant of the recommended Zero Trust architecture is “Never Trust, Always Verify.” This presupposes a segmented architecture designed to prevent lateral movement and escalation of privileges in case of a breach. An across-the-board implementation of the least privileges principle and its related policy configuration is crucial to achieving full zero trust and is a pillar of proper cyber-hygiene. However, the combination of agile development frequent deployments and the inclusion of open-source code within these deployments, and the connection with third-party vendors' services, increases the risks of introducing exploitable vulnerabilities and unoptimized PAM configurations. As both agile development and third-party vendors are indispensable to maintain business operations at an optimal level, these risks can be minimized from the onset but not eliminated outright. 3. Vigilance In view of this built-in potential risk, constant vigilance is required to ensure that no cyber-attacker can leverage any opening to gain access without being detected and stopped. This is where SIEM and SOAR solutions arrays are shining. When properly configured, Detect and Respond solutions are either automatically quelling attempted attacks or, at a minimum, alerting your security team that an attack is ongoing. The key concept for successful vigilance is "properly configured." Lack of proper configuration might lead to either a failure in detecting intrusion or a cacophony or false-positive alert that dulls the security team alertness, leading to alert fatigue and, consequently, increasing the risk of missing out on a real attack. 4. Validation As no one is immune from error, even the most stellar SOC team is likely to miss out on something, be it a single PAM configuration, or a critical, yet unpatched, vulnerability. To avoid falling victim to such unavoidable oversights, implementing Continuous Security Validation (CSV) instead of periodical pen testing can save resources and further diminish risk exposure. An approach covers all security validation aspects. Below is a comprehensive list of all the continuous security validation aspects and related most advanced technologies available today: Extended Security Posture Management (XSPM) . The most advanced technology for exposed asset discovery is Attack Surface Management (ASM), a technology that scours the Internet to identify all exposed assets, evaluates the risk detected assets pose to your infrastructure and recommends mitigation procedures. Ensure that all your assets are monitored and that no exposed asset can be stealthily used by an attacker . is a technology that runs agent-based production-safe attacks to validate the efficacy of active SIEM and SOAR security controls configuration, identifies security gaps across the full kill chain, and recommends mitigation procedures. Fine-tune your security control to ensure that they are optimally configured to stop attacks Breach and Attack Simulation (BAS) . As manual pen testing is outdated in the current cyber landscape, it is best to opt for more advanced options such as , a technology that runs outside-in production safe attacks to identify potential entry points, and subsequent lateral movement or escalation path across the full kill chain and recommend mitigation procedures. Validates that potential attacks are detected and stopped Continuous Automated Red Teaming (CART) . Vulnerability Prioritization Technology (VPT) is evolving to reduce the patching load. The most advanced current technology is a technology that prioritizes vulnerability patching based on risk sensitivity calibrated to your own infrastructure instead of based exclusively on CVSS score. Optimize your vulnerability management to focus on the CVE posing the highest risk Attack Based Vulnerability Management (ABVM), . Immediate Threat Intelligence (ITI) tools automate the evaluation of your infrastructure exposure to emerging threats and provide lists of Indicators of Compromise (IoC) to include in your SIEM/SOAR array ahead of the solution providers updates. Protect yourself against emerging threats by integrating threat intelligence feeds into your SOC array and workflow . That process can be streamlined with integrated purple teaming frameworks that provide wizards to create custom production-safe attacks with a few clicks to test your environment for scenarios and campaigns. If you are already running comprehensive BAS/CART assessments, such a framework lets you easily add TTPs not included in the MITRE ATT&CK or NIST 800-53 Revision 5 frameworks. Adopt purple teaming practices to expand your SOC team's range of security validation assessments Ideally, all these should be run from a single platform. Some Extended Security Posture Validation platforms provide global or granular quantified risk scores based on your infrastructure permeability to attacks and enable monitoring security drift by running the active options continuously. And, of course, running all validation tools from a single dashboard facilitates the management of the validation process.

Stellar

Chain

Discovery

How Cybersecurity Interacts with Cryptocurrency

Privacy, Decentralization & Investments: What Do They Have in Common?

Follow me on LinkedIn

Nominated for 2022 - HackerNoon Contributor of the Year - Cybersecurity

Read My Stories

Too Long; Didn't Read

The Four V's of Effective Cybersecurity Posture

The Four V's of Effective Cybersecurity Posture

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

5 Tips to Prevent Hackers From Stealing Your Crypto Assets

A Detailed Guide for Mitigating Insider Threats

A Tale of Two Cities: Economic vs Digital Democracy

AWS for the CISO — What you always wanted to ask but were too afraid of

Cloud Security Tops Concerns for Cybersecurity Leaders: EC-Council's C|CISO Hall of Fame Report 2023

Cynomi Launches First Directory of Virtual CISO Providers

5 Tips to Prevent Hackers From Stealing Your Crypto Assets

A Detailed Guide for Mitigating Insider Threats

A Tale of Two Cities: Economic vs Digital Democracy

AWS for the CISO — What you always wanted to ask but were too afraid of

Cloud Security Tops Concerns for Cybersecurity Leaders: EC-Council's C|CISO Hall of Fame Report 2023

Cynomi Launches First Directory of Virtual CISO Providers

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps