On a practical level, continuous security validation tools and processes are useful in several use cases:
Security Control Validation
Security controls are a core element of maintaining a solid security posture. Yet according to a recent Ponemon survey on the need for continuous security validation, 60% of respondents reported modifying their security controls daily or weekly, while only 22% were highly confident that their security controls were working as intended.
Continuous security validation processes test those controls on an ongoing basis and verify that they are working as intended, without unintended security gaps.
Security Posture Management
Continuous security validation replaces guesstimates of the security posture, which rest on statistical estimates of how much tightening security controls and patching vulnerabilities has helped. The problem with risk-based security posture management is that it amounts to providing evidence of an absence. Attack-based security posture measurement is instead based on factual evidence: the number of simulated attacks that were stopped and the number that were not. This quantified approach makes measurements traceable and enables effective monitoring of security drift.
SIEM solutions are tasked with collecting data from various sources and parsing it to detect threats and pinpoint security breaches, as well as raising alerts when an uncovered vulnerability exceeds the defined risk tolerance level.
SIEMs are invaluable tools, but their performance is dictated by the accuracy of their configuration. With the constant changes to environments stemming from agile development and techniques such as infrastructure as a service, SIEM configuration needs to be re-optimized regularly. Continuous security validation processes are key to streamlining SIEM configuration so that the information parsed yields exhaustive, accurate alerts and minimizes the false-positive alerts that waste SOC teams’ time.
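The following Python script is an added illustration of the two preceding points (attack-based posture measurement with drift monitoring, and checking SIEM detection rules for coverage and false positives); it is not code from the article or from any vendor's product. The simulated-attack run, the log lines, the detection rules and the outcome ranking are all constructed for the example, and the rule format (one regex per rule applied to one log line) is a hypothetical stand-in for a real SIEM rule language.

```python
"""Quantify one continuous-validation run: which simulated attacks were prevented,
which were only detected, which were missed, how many benign events the rules
misfire on, and which attacks regressed since the previous run (security drift).
All attacks, telemetry and rules below are constructed for illustration."""
import re
from dataclasses import dataclass

# Higher rank is a better outcome; used to spot regressions between runs.
OUTCOME_RANK = {"prevented": 2, "detected": 1, "missed": 0}


@dataclass(frozen=True)
class SimulatedAttack:
    attack_id: str
    description: str
    blocked: bool      # True if a preventive control stopped the action
    log_line: str      # telemetry the SIEM received for the action


# Constructed detection rules (hypothetical format): name -> regex over one log line.
RULES = {
    "encoded_powershell": re.compile(r"powershell\.exe .*-enc(odedcommand)? ", re.I),
    "lsass_handle": re.compile(r"TargetImage=.*\\lsass\.exe", re.I),
    "scheduled_task_created": re.compile(r"EventID=4698\b"),
}

# Constructed attack run: what the simulator did and what the SIEM saw.
ATTACK_RUN = [
    SimulatedAttack("A1", "encoded PowerShell launcher", False,
                    r"Process Create: powershell.exe -nop -w hidden -EncodedCommand SQBFAFgA"),
    SimulatedAttack("A2", "credential access via lsass handle", False,
                    r"EventID=10 SourceImage=C:\tools\dump.exe TargetImage=C:\Windows\System32\lsass.exe"),
    SimulatedAttack("A3", "scheduled task persistence", True,
                    r"EventID=4698 TaskName=\Updater Author=CORP\jdoe"),
    SimulatedAttack("A4", "DNS tunnelling beacon", False,
                    r"DNS query a3f9c1e2b7d4.c2-sim.example from 10.0.0.15"),
]

# Constructed benign telemetry, used to count false positives.
BENIGN_LOGS = [
    r"Process Create: powershell.exe -File C:\scripts\backup.ps1",
    r"EventID=4698 TaskName=\Microsoft\Windows\Defrag\ScheduledDefrag Author=SYSTEM",
    r"DNS query www.example.com from 10.0.0.22",
]


def matching_rules(log_line):
    """Return the names of all detection rules that fire on one log line."""
    return [name for name, rx in RULES.items() if rx.search(log_line)]


def classify(attack):
    """Per-attack factual evidence: prevented beats detected beats missed."""
    if attack.blocked:
        return "prevented"
    return "detected" if matching_rules(attack.log_line) else "missed"


def evaluate(attacks, benign_logs):
    """Turn one validation run into a traceable, quantified posture record."""
    outcomes = {a.attack_id: classify(a) for a in attacks}
    not_missed = sum(1 for o in outcomes.values() if o != "missed")
    false_positives = [(line, matching_rules(line)) for line in benign_logs
                       if matching_rules(line)]
    return {
        "outcomes": outcomes,
        "posture_score": round(100.0 * not_missed / len(attacks), 1),
        "gaps": [a.attack_id for a in attacks if outcomes[a.attack_id] == "missed"],
        "false_positives": false_positives,
    }


def drift(previous_outcomes, current_outcomes):
    """Attacks whose outcome got worse since the previous run: this is security drift."""
    return sorted(
        aid for aid, cur in current_outcomes.items()
        if OUTCOME_RANK[cur] < OUTCOME_RANK[previous_outcomes.get(aid, "missed")]
    )


if __name__ == "__main__":
    # Constructed record of the previous run, to show drift reporting.
    previous = {"A1": "detected", "A2": "prevented", "A3": "prevented", "A4": "detected"}
    result = evaluate(ATTACK_RUN, BENIGN_LOGS)
    print("posture score:", result["posture_score"])
    print("detection gaps:", result["gaps"])
    for line, rules in result["false_positives"]:
        print("false positive:", rules, "on", line)
    print("regressed since last run:", drift(previous, result["outcomes"]))
```

The posture score is a count of simulated attacks that were either prevented or detected, which is the kind of evidence the text contrasts with statistical risk estimates; the false-positive list shows the other half of SIEM tuning (here the generic scheduled-task rule fires on a routine Windows maintenance task), and `drift` points the SOC at the attacks that were stopped last time but not this time, rather than at the whole catalogue.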
Without continuous security validation, evaluating the impact of integrating a third-party service into your environment is a complex procedure at the best of times. However, sequentially running free trials of a few competing services, and running security validation against each of them, gives a clear picture of the respective risks each product or service poses to your environment.
Operationalizing Threat Intelligence
The rapid evolution of the threat landscape means that new threats are emerging all the time. Continuous security validation incorporates threat intelligence into automated attack campaigns and enables SOC teams to verify with a click whether their systems are protected against specific new attacks. SaaS-based Immediate Threat Intelligence (ITI) modules are updated by the service provider’s R&D teams to include the most recent threats.
Employee Security Awareness
Phishing (and its variants: smishing, vishing, and spear phishing) remains by far the main attack vector used by malicious actors to gain a foothold in their targets’ environment. Raising the level of employees’ awareness is a pivotal aspect of improving security posture.
A phishing awareness vector automates the testing of employees’ awareness by running off-the-shelf or customized simulated phishing campaigns and checks which employees need security awareness reminders.
Extending your security posture management with the comprehensive set of continuous security validation modules automatically integrates the four pillars of cyber-resilience that underpin regulators’ compliance requirements:
• Management and protection – by continuously testing the security controls, managing the attack surface, optimizing SIEM and SOAR, improving employees’ security awareness, and more, comprehensive continuous security validation processes cover this pillar, inasmuch as the information they collect is used in extended security posture management to optimize the tool stack.
• Identification and detection – the simulated attack scenarios and attacks launched at regular intervals ensure that all detection tools are optimized to detect all threats.
• Response and recovery – attack campaigns and scenarios can be used to run IR practice exercises, thus minimizing MTTR and accelerating recovery.
• Governance – by design, continuous security validation implements continual improvement of the security posture.
Cloud Security Validation
Whether you are migrating to the cloud or running hybrid or cloud-native environments, any infrastructure connected to the cloud needs to manage the security risks stemming from hyperconnectivity.
Continuous security validation extends your security posture management across all connections through a combination of Attack Surface Management, security control validation, and automated red teaming.
Attack Surface Management
It is impossible to protect what is not known. Hackers are well aware of that fact and scour the Internet for assets they can potentially use to gain entry into your infrastructure. An Attack Surface Management module is an integral part of an extended security posture management approach. Its role is to continuously scan the Internet to ensure that all exposed assets are accounted for, monitored, and secured.
Attack Based Vulnerability Prioritization
Despite the soaring number of vulnerabilities to patch, the percentage of exploitable vulnerabilities is steadily dropping, reaching a low of 2.7% in 2020, and a mere 0.7% have actually been exploited. This means that prioritizing the patching schedule is crucial to enable the IT team to divide their time between development and patching tasks without jeopardizing the security posture.
Continuous security validation techniques such as Attack Based Vulnerability Management (ABVM) score the risk level of uncovered vulnerabilities based on the probability that malicious actors could leverage them, and create prioritized patching lists based on these risk scores.
This optimizes the ratio between patching effort and security posture hardening and lightens the patching load on the IT team’s shoulders.
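As an added example of attack-based prioritization, the Python script below takes a constructed set of scanner findings and re-ranks them by demonstrated exploitability rather than by severity alone. It is not the article's code and not the ABVM algorithm of any product; the weighting formula in `attack_based_score` is a hypothetical one chosen to show the idea, the vulnerability identifiers are placeholders (not real CVE numbers), and the asset names are made up.

```python
"""Re-rank vulnerabilities by validated attack paths instead of CVSS alone.
Findings, asset names and the scoring weights are constructed for illustration;
the weights are a hypothetical example, not a vendor's scoring model."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    vuln_id: str           # placeholder identifier, not a real CVE number
    asset: str
    cvss: float            # severity as reported by the scanner
    exploit_public: bool   # a working exploit is publicly available
    path_validated: bool   # a simulated attack actually reached and exploited it
    path_blocked: bool     # an existing control stopped that simulated attack
    internet_facing: bool


# Constructed scanner findings from one environment.
FINDINGS = [
    Finding("VULN-0001", "web-01", 9.8, True, True, False, True),
    Finding("VULN-0002", "db-03", 9.0, False, False, False, False),
    Finding("VULN-0003", "vpn-gw", 7.5, True, True, True, True),
    Finding("VULN-0004", "hr-laptop-17", 5.3, False, True, False, False),
    Finding("VULN-0005", "build-02", 8.8, False, False, False, False),
]


def attack_based_score(f):
    """Hypothetical scoring: severity weighted by what the simulation proved."""
    score = f.cvss
    if f.path_validated and not f.path_blocked:
        score *= 2.0    # attack path proven open in this environment: top weight
    elif f.path_validated and f.path_blocked:
        score *= 0.5    # exploitable, but a compensating control stops it today
    elif f.exploit_public:
        score *= 1.2    # public exploit, path not yet proven here
    else:
        score *= 0.25   # no known exploit and no validated path
    if f.internet_facing:
        score += 1.0    # reachable without an initial foothold
    return round(score, 2)


def tier(score):
    """Map a score onto a patching window (thresholds are illustrative)."""
    if score >= 10.0:
        return "patch now"
    if score >= 4.0:
        return "next cycle"
    return "scheduled"


def prioritize(findings):
    """Produce the prioritized patching list, highest attack-based risk first."""
    ranked = sorted(findings, key=lambda f: attack_based_score(f), reverse=True)
    return [
        {"vuln_id": f.vuln_id, "asset": f.asset, "cvss": f.cvss,
         "score": attack_based_score(f), "tier": tier(attack_based_score(f))}
        for f in ranked
    ]


def severity_only_order(findings):
    """The order a CVSS-only schedule would use, for comparison."""
    return [f.vuln_id for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


if __name__ == "__main__":
    print("CVSS-only order:  ", severity_only_order(FINDINGS))
    print("attack-based order:")
    for entry in prioritize(FINDINGS):
        print(f"  {entry['vuln_id']:<10} {entry['asset']:<14} cvss={entry['cvss']:<4} "
              f"score={entry['score']:<6} {entry['tier']}")
```

The contrast the example is built to show: the CVSS 5.3 finding on the laptop rises to the top tier because the simulation proved the path is open, while the CVSS 9.0 database finding with no exploit and no validated path drops to the scheduled tier, and the VPN gateway finding is demoted only because a control currently blocks the path, which is a reason to keep the control under validation, not to forget the patch.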
SOC and SOAR Validation
The rapid evolution of the threat landscape, coupled with constant environment changes resulting from agile development, makes keeping orchestration, automation, and response playbooks up to date increasingly difficult.
When a continuous security validation suite is integrated with the SOAR, SOC blue teams can easily fine-tune it and train its AI-assisted analysis tool to optimize the entire automated process, from detection to mitigation.