
RSA highlights need for Red Team Automation simulated cyber attacks

At this month’s San Francisco-based RSA conference, the largest global conference for cybersecurity, several topics were prominent.

With the proliferation of tools and technologies that are now available to CISOs to battle the cyber war, it becomes a challenge for cyber security leaders to decide where to invest their time and money. One of the key messages coming out of the conference is that corporates must constantly test and retest all of their security measures.

Red Team Automation is now being seen as a core part of any organisation's cyber security strategy. A 'Red Team' traditionally works in a covert manner testing an organisation's weakest points using the same techniques used by organised cyber criminals. The automation of this process deploys specialist software designed for continuous testing.

Utilising Red Team Automation, chief information security officers (CISOs) can identify weaknesses in their defenses and act to fix them before they are exploited by cyber criminals. Companies can then be certain they are taking the right steps and buying the most appropriate technology products to reinforce their security perimeters. Where necessary, they are then in a position to combine this with appropriate and effective awareness training - a key element in any security strategy as the human link is frequently the weakest link.

This is a huge help to CISOs who are struggling to keep pace with the evolving cyber security landscape. While they have budgets and the ear of their boards, they are faced with a bewildering array of security products and services.

Companies must be proactive

Aside from proactively assessing your resilience to cyber attacks, it is also necessary for companies to be constantly vigilant for newly emerging threats their organisations face in order to be proactive against them. To do this, companies need to use specialist third parties to monitor activity which may involve social engineering using stolen account details and passwords or coordinating an attack via anonymous forums on the Dark Web or in closed-off IRC channels.

Corporations have been racing to adopt new technologies that extend their perimeters. These include Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and SaaS apps, all of which empower organisations with better performance at a lower cost. However, it’s essential to deploy technologies to mitigate the risks coming from these platforms. Companies such as Firelayers and other CASB vendors detect malicious activities on these platforms and protect sensitive content, mitigating the risk that comes with cloud adoption.

These systems must be combined with advanced threat intelligence collected beyond the perimeter. So far, the provision of cyber security services and threat intelligence gathering outside the traditional security perimeters have been very different disciplines within the cyber security industry. But there is now a market imperative for companies providing these services to combine their offerings.

Growing sophistication of cyber criminals demands increased vigilance

As corporations store a growing mountain of highly sensitive data on their IT systems, protecting the security of these new outer perimeters is of paramount importance. Not to do so effectively opens a great many doors to enterprising cyber criminals. Their increasing tenacity and the rapidly advancing tools now routinely deployed by organised cyber criminals demand constant vigilance on the part of any organisation that does not wish to be hacked over the next 12 months.

The kind of orchestrated cyber attack now being aimed at companies storing valuable data is a game played for high stakes by the cyber criminals. Remote access to a corporate database can enable cyber crooks to encrypt a company's most confidential data and demand a high ransom to unlock it. Another motive could be to transfer a company's funds to a remote location. Alternatively, the motive might be cyber espionage on the part of crooks stealing data to sell to the company's competitors or even foreign powers such as China looking to steal new product designs. In these cases, companies may not even be aware that they have been hacked until well after they have seen their competitive advantage used by a foreign company.

What is essential is that companies take steps to safeguard those points in their inner and outer perimeters where the cyber criminals are most likely to strike.

This means combining Red Team Automation with software designed to monitor criminal activity on the Dark Web while also keeping a constant check on known weak points such as social networking sites where the company or its staff have a presence.

Elad Ben-Meir is VP of marketing at CyberInt
