In today's rapidly changing environment, threat actors are using an arsenal of new and sophisticated techniques that make attacks unrecognizable. With a plethora of products and a rapidly shifting landscape of threat and risk, cybersecurity remains elusive, or possibly as impossible as the "happiness problem".
While adversaries only have to succeed once, organizations as defenders need to succeed every time. Security is also laborious: organizations can test some assets some of the time, while hackers are attacking all the assets all of the time.
The emergence of the new technology called Continuous Automated Red Teaming, or CART, can be a gamechanger in solving this problem.
By definition, red teaming is a goal-based ethical hacking technique. It was first used by the US military to map war tactics. But in the current world, it is used on a much broader and larger scale than conventional security testing. It lets security teams first discover an organization’s attack surface and then launch simulated attacks to test blind spots, which is very similar to a real hack. Unlike penetration testing, it is not based on a scope of IPs/applications but is instead objective- or goal-based, meaning you can attack whatever you want to achieve the goal.
Traditional red teaming is done at a point in time and is usually a lengthy process. It involves multiple tools and manual effort, and it tests only a fraction of an organization’s assets, occasionally. It is largely manual, hard to scale, and unaffordable for most organizations.
CART is an emerging security technology designed to automate red teaming so that one can achieve the breadth and depth of the process as well as scale it and seamlessly conduct it on a continuous basis. There are multiple potential approaches including hardware, software, or even Software-as-a-Service (SaaS).
At FireCompass, we developed a SaaS-based approach that uniquely combines Attack Surface Management (ASM), Shadow IT Discovery, and the simulation of various types of attack playbooks, including ransomware attacks, network and application attacks, social engineering, and more. The platform uses an outside-in approach by working with zero knowledge and without the need for any hardware or software to find risks on the digital attack surface of an organization.
During the CART process, an organization can search already indexed deep, dark, and surface web data using reconnaissance techniques similar to those of nation-state actors. It automatically discovers an organization’s dynamic digital attack surface, including unknown exposed databases, cloud buckets, code leaks, exposed credentials, risky cloud assets, open ports, etc. Once an attack surface is recognized and the scope for the simulated attack is authorized, the attack engine launches multi-stage attacks on the discovered surface to identify security blind spots and attack paths before hackers do. The platform then prioritizes the risks and recommends the next steps for mitigation.
Traditional red teaming is typically conducted once or twice a year. It is consultant-driven and requires manual orchestration between multiple tools. CART automates the process and makes red teaming continuous.
Penetration testing is conducted on a few, known applications or systems. CART, unlike penetration testing, discovers the attack surface on its own without any inputs and launches a combination of multi-stage attacks, spanning from networks to applications to humans.
Breach and Attack Simulation (BAS) tools typically need hardware or software agents to be installed and work inside an organization. The tools mimic real threat actions and show how far an attacker can spread if they gain access to an internal system. CART, on the other hand, works using an outside-in approach and conducts real attacks without the need for any hardware, software, or integration.
While today’s hackers operate with a level of sophistication that surpasses typical preventative and detection capabilities, CART can be a game-changing approach to stay one step ahead. You must test your own controls to identify potential blind spots before an attacker exploits them.
Authored by Bikash Barai, Co-Founder, FireCompass