Cymulate Emitec presentation - Copy.pptx
Slide 1
Hey, Blue Teams: Stop Waiting for Pen Tests to Find Gaps. Take Control of Your Offensive Testing.

Slide 2
Sam Starr, Senior Sales Engineer
Martin Tran, Country Manager, DACH

Slide 3
The Need for Security Validation
You know you have gaps. Think like an attacker to find & fix them to prevent the breach.

Slide 4
Breaking Down Manual Penetration Testing
o Network pen-testing
o Application pen-testing
o Internal red teaming
Findings: Vulnerabilities, Misconfigurations, Attack Paths, Security Controls

Slide 5
Penetration Testing: Limitations
o Manual
o Costly
o Limited scope
o Point in time

Slide 6
In Search of Continuous Automated Testing
o Vulnerability Assessment
o Attack Surface Management
o Automated Penetration Testing
o Security Controls Validation

Slide 7
Vulnerability Assessment
o Identify outdated software
o Compliance mandated
Limits
o Prioritization
o Cannot discern exploitable vs. unreachable vulnerabilities

Slide 8
Attack Surface Management
o External attacker view of assets
o Map potential attack paths
Limits
o Theoretical (unproven)
o Lack context of security controls

Slide 9
Automated Pen Testing
o Validate attack paths
o Discover vulnerabilities & misconfigurations
Limits
o Results overlap with vulnerability assessments
o Limited testing of controls

Slide 10
Security Control Validation
Test and optimize cyber defenses
[Figure. Labels: Web Gateway, SOC, Vulnerability Management, SIEM, IT Infrastructure, Email Gateway, Endpoint Security, Cloud Security, Active Directory, XDR, Network Security, Kubernetes]

Slide 11
Technologies & Outcomes
Multiple approaches to Automated Security Validation
[Table. Columns: Vulnerabilities, Misconfigurations, Attack Paths, Control Effectiveness. Rows: Vulnerability Assessment, Attack Surface Management, Automated Pen Testing, Security Controls Validation. Cell text: 3rd Party Integrations / 3rd Party Integrations / 3rd Party Integrations]

Slide 12
VISION: THE PATH FORWARD
The transition to Exposure Validation
VULNERABILITY MANAGEMENT
What and where is my exposure to potential breaches if/when I am attacked?
✓ Misconfigurations
✓ Vulnerabilities
✓ Attack Paths
+
CONTROL VALIDATION
Will my security control detect and/or prevent an attack exploiting the identified exposure?
✓ Efficacy of all Controls and Defenses
Exposure Management

Slide 13
Contextualized vulnerability management
[Figure, example CVE-2017-0144. Labels: Probability; Impact; Threat intelligence (APT groups known to exploit CVE-2017-0144); Vulnerability CVSS score; Asset business criticality (impact); Compensating controls (contextualized pre/post exploitation controls for prevention); Attack paths; Ability to respond (contextualized pre/post exploitation controls for detection); Real exposure risk]

Slide 14
Attack paths done right
[Figure. Attack path steps: MITRE ATT&CK T1040 (Discovery, Credential Access / Network Sniffing); CVE 2017-0144 (Lateral Movement / Exploitation of Remote Services). Controls shown for each step: EDR Prevention, IPS Prevention, EDR Detection, SIEM Alert. Values shown: 9.4, 4.6]

Slide 15
Optimize controls to prevent the breach

Slide 16
Exposure Management done right. Blue Teamers, you now have control
o Disrupt attack paths
o Tune and optimize defenses
o Compensate for known gaps

Slide 17
Learn more:
Sam Starr, Senior Sales Engineer
Martin Tran, Country Manager, DACH