The Four V's of Effective Cybersecurity Posture

The already growing risk of falling victim to a cyber-attack, be it from criminals powered by greed or financed by aggressive competitors, hacktivists who deem your activity harmful to their particular brand of idealism or nation-states bent on destabilizing states’ economy or proper functioning has now been raised a notch by the Russian offensive in Ukraine.

As such, raising the effectiveness of cyber defense has never been more critical. To achieve optimal defense, there are four critical angles to consider. Visibility, verification, vigilance, and validation. These are the four angular stones of an effective security posture architecture.

1. Visibility

The core concept behind the visibility angle is obtaining a 360° visibility of all assets that a cyber-attacker could potentially use to gain an initial foothold in your infrastructure. This sounds obvious, but the combination of rapid development, with its collateral of rapid code obsolescence, holds the potential of leaving unmonitored discarded assets that could be used as a point of entry. Other elements, such as publicly available email addresses, that could be used for spear phishing, or even mere phishing attacks, must also be monitored. Any unmonitored exposed asset poses a potential risk and, with the continued growth and complexity of cyber-attacks, covering all assets is a critical first step in security posture management.

Attack Surface Management solutions that continuously scour
the Internet to identify all exposed assets of an organization are the most
advanced go-to option to ensure complete visibility into what an attacker sees.

2. Verification

The core tenant of the recommended Zero Trust architecture is “Never Trust, Always Verify.” This presupposes a segmented architecture designed to prevent lateral movement and escalation of privileges in case of a breach.
An across-the-board implementation of the least privileges principle and its related policy configuration is crucial to achieving full zero trust and is a pillar of proper cyber-hygiene.

However, the combination of agile development frequent deployments and the inclusion of open-source code within these deployments, and
the connection with third-party vendors' services, increases the risks of
introducing exploitable vulnerabilities and unoptimized PAM configurations.

As both agile development and third-party vendors are indispensable to maintain business operations at an optimal level, these risks can be minimized from the onset but not eliminated outright.

3. Vigilance

In view of this built-in potential risk, constant vigilance
is required to ensure that no cyber-attacker can leverage any opening to gain access without being detected and stopped. This is where SIEM and SOAR solutions arrays are shining. When properly configured, Detect and Respond solutions are either automatically quelling attempted attacks or, at a minimum, alerting your security team that an attack is ongoing. The key concept for successful vigilance is "properly configured."

Lack of proper configuration might lead to either a failure in detecting intrusion or a cacophony or false-positive alert that dulls the security team alertness, leading to alert fatigue and, consequently, increasing the risk of missing out on a real attack.

4. Validation

As no one is immune from error, even the most stellar SOC team is likely to miss out on something, be it a single PAM configuration, or a critical, yet unpatched, vulnerability. To avoid falling victim to such unavoidable oversights, implementing Continuous Security Validation (CSV) instead of periodical pen testing can save resources and further diminish risk exposure.

An Extended Security Posture Management (XSPM) approach covers all security validation aspects. Below is a comprehensive list of all the continuous security validation aspects and related most advanced technologies available today:

• Ensure that all your assets are monitored and that no exposed asset can be stealthily used by an attacker. The most advanced technology for exposed asset discovery is Attack Surface Management (ASM), a technology that scours the Internet to identify all exposed assets, evaluates the risk detected assets pose to your infrastructure and recommends mitigation procedures.

• Fine-tune your security control to ensure that they are optimally configured to stop attacks. Breach and Attack Simulation (BAS) is a technology that runs agent-based production-safe attacks to validate the efficacy of active SIEM and SOAR security controls configuration, identifies security gaps across the full kill chain, and recommends mitigation procedures.

• Validates that potential attacks are detected and stopped. As manual pen testing is outdated in the current cyber landscape, it is best to opt for more advanced options such as Continuous Automated Red Teaming (CART), a technology that runs outside-in production safe attacks to identify potential entry points, and subsequent lateral movement or escalation path across the full kill chain and recommend mitigation procedures.

• Optimize your vulnerability management to focus on the CVE posing the highest risk. Vulnerability Prioritization Technology (VPT) is evolving to reduce the patching load. The most advanced current technology is Attack Based Vulnerability Management (ABVM), a technology that prioritizes vulnerability patching based on risk sensitivity calibrated to your own infrastructure instead of based exclusively on CVSS score.

• Protect yourself against emerging threats by integrating threat intelligence feeds into your SOC array and workflow. Immediate Threat Intelligence (ITI) tools automate the evaluation of your infrastructure exposure to emerging threats and provide lists of Indicators of Compromise (IoC) to include in your SIEM/SOAR array ahead of the solution providers updates.

• Adopt purple teaming practices to expand your SOC team's range of security validation assessments. That process can be streamlined with integrated purple teaming frameworks that provide wizards to create custom production-safe attacks with a few clicks to test your environment for scenarios and campaigns. If you are already running comprehensive BAS/CART assessments, such a framework lets you easily add TTPs not included in the MITRE ATT&CK or NIST 800-53 Revision 5 frameworks.

Ideally, all these should be run from a single platform. Some Extended Security Posture Validation platforms provide global or granular quantified
risk scores based on your infrastructure permeability to attacks and enable
monitoring security drift by running the active options continuously. And, of course, running all validation tools from a single dashboard facilitates the management of the validation process.