When we think of industrialization and the industrial revolution, images of smoke stacks, purpose-built machinery, and automation come to mind. Some examples are the Jacquard Machine, as pictured below. This machine simplified the process of manufacturing textiles in the early 1800s, and some consider it an early example of computer punch cards and punch tape if not one of the earliest examples of a working computer.
In cybersecurity especially regarding red teaming and blue teaming the use of specialized tools and a level of automation is commonplace. From vulnerability scanners and exploit kits to firewalls and SIEMs , we invest vast amounts of money, time, and manpower into solutions we assume will secure our environments. Then once in a while, we attack our environments (or hire someone else to attack them) to see if there are holes left by our security tools that nefarious actors can exploit.
However, despite our red and blue teaming cybersecurity tools and processes, we still base our security effectiveness on assumptions. We assume our preventative controls for network, endpoint, email, and cloud , for example, are stopping bad things. We assume that nefarious activity will be detected by our intrusion detection solutions, and we assume that alerts and logs will make it to the right place for correlation and analysis. We further assume that our people and processes are taking full advantage of the assumed-to-be-functioning security tools. That’s a lot to be guessing about.
What we lack is evidence and quantitative data about our security effectiveness. We lack a purpose-built solution that leverages automation to help determine what’s working, what’s not, and how to fix it.
We need a perspective solution beyond patching to actually measure and improve the efficacy of the security tools protecting our assets. And most critically, we need an (Read more...)