Simulation of targeted cyberattacks, Red Team, Pentest, vulnerability scanning. Pros and cons of various methods



In this article we briefly compare several ways of testing the security of your network and look at whether the relatively new BAS (Breach & Attack Simulations) systems, which simulate breaches and cyberattacks, offer any advantages. As our example of a BAS system we take Cymulate, one of the market leaders, and compare it with conventional vulnerability scanning, manual pentesting and the Red Team service. These tools have recently been gaining popularity, which reflects a broad shift in security from passive to active protection and also indicates a mature level of information security.

Terminology


APT (Advanced Persistent Threat) - Comprehensive targeted threat
CISO (Chief Information Security Officer) - Head of Information Security Services
GDPR (EU General Data Protection Regulation) - Pan-European Personal Data Protection Regulation
NYCRR (New York Codes, Rules and Regulations) - Codes, New York State rules and regulations
PCI-DSS (Payment Card Industry Data Security Standard) - Payment Card Industry Data Security Standard
SIEM (Security Incident and Event Management) - Security Information and Security Event Management System
SOC (Security Operations Center) - Security Center
SOX (Sarbanes-Oxley Act) - Sarbanes-Oxley Act, USA, 2002
WAF (Web Application Firewall) - Web Application Firewall

Introduction


Organizations of all types and sizes are forced to deal with cyberattacks, which are becoming more complex, stealthier and more resistant to countermeasures every year.

The main tools used to check the security of systems and data are still vulnerability scanners and penetration tests (pentests). Their results are not only used to assess risks, but are also a prerequisite for compliance with various regulatory requirements (such as GDPR and NYCRR).

As discussed below, scanning for vulnerabilities and pentests are useful for assessing the security of an organization at a particular point in time. However, they do not allow a complete picture of the security state, especially when it comes to complex attacks on many vectors.

The most effective means of testing an organization’s cyber resilience against a rising wave of cybercrime is to model targeted attacks across multiple vectors, an approach called Breach & Attack Simulations (BAS).
To quote Gartner: “Security testing is such a challenge for technicians focused on day-to-day security that many don't even try to do it. Hacking and attack simulations help turn security assessment into a systematic and automated process.”

Vulnerability Scan


There are both paid solutions and open source applications for scanning for vulnerabilities. They allow you to find vulnerabilities that are already known to software developers, and weaknesses that cybercriminals have already exploited. Organizational computers and networks are scanned for thousands of vulnerabilities, such as software defects, lack of operating system patches, vulnerable services, insecure configurations and web application vulnerabilities.

The results of this scan are used in the processes of automated security audit of the company's IT environment. Often, vulnerability scanners that scan networks and websites for thousands of security threats become the core of the information security system, and the list of vulnerabilities found is the basis for subsequent corrective actions.



Vulnerability scanning can find only known vulnerabilities or threats. Because the only corrective measures it considers are updating systems and installing patches, vulnerability scanners do not address incorrect configurations or the erroneous use of infrastructure and security tools.

Manual Pentest


Penetration tests (or pentests) are performed manually by company employees or external consultants who are trying to assess the security of the organization’s infrastructure by safely hacking it. For this, vulnerabilities in operating systems, services or applications, incorrect configurations or insufficiently cautious user behavior can be used.

In other words, an attack is carried out on the network, applications, devices and employees of the organization in order to check whether hackers can carry out such a hack. According to the test results, it also becomes clear how deeply the attacker could penetrate and how much data he could steal or use for his own purposes.



Testing by the Red Team


Simulations of targeted cyberattacks, also called “Red Team testing” or “friendly hacking,” are gaining in popularity, and for good reason. In addition to identifying critical vulnerabilities and giving an overall security assessment, a proactive testing approach provides valuable information about the ability of IT services to detect and block attacks while they are in progress. Attacks can consist of many stages, which allows you to simulate various types of adversaries and identify weaknesses in the information security system.



Cymulate Approach


The Cymulate Breach and Attack Simulation (BAS) platform develops the idea of simulating targeted attacks and evaluates the organization’s actual readiness to repel cyber threats. Cymulate identifies critical infrastructure vulnerabilities by conducting cyberattacks on several vectors in the same way as real attackers would. Trial attacks are carried out according to the patterns of real hacker groups, state cyber troops, and even on behalf of hypothetical unreliable employees. The SaaS model allows you to run simulations anytime, anywhere, without impacting users or infrastructure. With the Cymulate platform, organizations can continuously test their infrastructure's resilience to cyberattacks, global virus outbreaks, and targeted APT attacks.



In general, the following features of Cymulate can be noted:

Before hacking


Mail Gateways - Tests resistance to current cyber threats.
Web Gateways - Tests resistance to attacks from infected websites using HTTP/HTTPS protocols.
Web Application Firewall - Tests resistance to attacks from infected websites using HTTP/HTTPS protocols.

After hacking


Data Theft - Tests protection against unauthorized transfer of confidential data outside the corporate network.
Lateral Movement - Tests the organization’s Windows domain security using a sophisticated network propagation algorithm.

Breaking into


Endpoint Security - Checks whether endpoint defense tools are capable of repelling attacks across various vectors.
Phishing Resilience - Tests employees' anti-phishing skills with comprehensive, customizable simulations.

Special protection vectors


Current Threats - A vector that includes mail and web gateways, as well as endpoints. Tests resistance to current cyber threats.
Full APT Attack Cycle - Launches targeted, full-cycle Kill Chain APT attacks.

About Cymulate


Cymulate helps organizations stay one step ahead of cybercriminals thanks to a unique breach and attack simulation service that tests the security infrastructure's ability to protect valuable resources. Modeling the many strategies used by hackers allows organizations to reliably evaluate their readiness to effectively repel cyberattacks.

Cymulate was founded by a world-class team of experts in the field of active defense against cyberthreats. Our clients are organizations from around the world, from small businesses to large enterprises, including leading banking and financial institutions. All of them share our desire to make reliable protection simple and affordable, because the easier it is to provide protection against cyber threats, the safer they and other companies will be.

Learn more at www.cymulate.com or request a demonstration of features. The following articles on this product will be published on our public channels, so subscribe (Telegram, Facebook, VK, TS Solution Blog)!