#104 - Breach and Attack Simulation (with Dave Klein)
CISO Tradecraft® - En podcast af CISO Tradecraft® - Mandage
Special Thanks to our podcast sponsor, Cymulate. On this episode, Dave Klein stops by to discuss the 3 Digital Challenges that organizations face: Cyber threats evolve on a daily basis and this constant threat to our environment appears to be only accelerating The level of vulnerabilities today is 30x what it was 10 years ago. We have more IT infrastructure, complexity, and developers in our current environment. In the pursuit of digital innovation, we are changing our IT infrastructure by the hour. For Example: Infrastructure as Code capabilities (Chef, Puppet, Terraform, etc.) allow developers to deploy faster and create more opportunities for misconfigured code at scale. Breach and Attack Simulation tooling address these 3 digital challenges by focusing on Breach Attack Simulation, Vulnerability Prioritization, & Threat Exposure Management. This combined approach allows a cyber organization to ensure its security is fully optimized and its risk exposure is minimized. Key benefits of adopting Breach and Attack Simulation software include: Managing organizational cyber-risk end to end Rationalizing security spend Prioritizing mitigations based on validated risks Protecting against the latest threats in near real-time Preventing environmental drift Welcome back listeners and thank you for continuing your education in CISO Tradecraft. Today we are excited to share with you a great episode focused on Breach and Attack Simulation software. To begin we will provide a solid background on Breach and Attack Simulation then we are going to bring on our special guest Dave Klein who will give us the pro tips that help CISOs maximize the value from Breach and Attack Simulation Software. Starting from the beginning. What is Breach and Attack Simulation software and why is this needed? At the end of the day most companies are not on an island. They need to connect to clients, partners, and vendors. They need the ability for employees to visit websites. They need to host public facing websites to sell products and services. Each of these activities result in creating organizational assets such as IT equipment that has internet connectivity. Now internet connectivity isn’t a bad thing. Remember internet connectivity allows companies to generate income which allows the organization to exist. This income goes to funding expenses like the cyber organization so that is a good thing. If bad actors with the intent and capability to cause your company harm can find your company's internet connected assets which have vulnerabilities, then you have a risk to your organization. So enter vulnerability assessment and penetration testing tools that companies can buy to identify and address this risk. Now sometimes you will hear the terms Cyber Asset Attack Surface Management or (CAASM). It’s also commonly referred to as continuous threat exposure management. Essentially these two categories of tools are the latest evolution of vulnerability management tooling that have the additional benefit of ingesting data from multiple sources. Essentially they are designed to address key questions such as: How do we get an inventory of what we have? How do we know our vulnerabilities? and How do we know which vulnerabilities might be exploited by threat actors? Now if you want to take this line of questioning one step further, then you should consider adopting Breach and Attack Simulation software. Note Breach and Attack Simulation software overlaps with many of the CAASM capabilities, but it does something unique. Breach and Attack Simulation software allows you to pose as bad actors on your network and perform red team exercises. Essentially you learn how bad actors can bypass your cyber tooling and safeguards. This means you go from knowing where you are vulnerable to actually seeing how well your incident response activities perform. Example if I can take a normal user's laptop and spawn a Powershell Script o