pritha's Posts (455)


Definition
Penetration testing and red teaming have traditionally depended heavily on human testers and their toolkits of commercial and proprietary tools. A new market of solutions is emerging that can fully or semi-automate continuous or ad hoc network and infrastructure penetration tests and red team activities.

 

Why This Is Important
Security testing, such as network penetration testing and red teaming, plays an important role in an organization's ability to identify exposures, vulnerabilities and weaknesses in its defenses. Many organizations test only annually or ad hoc, and rarely more frequently or continuously, because of the cost and the lack of internal expertise.

 

Business Impact
  • More frequent testing of infrastructure and the cybersecurity defenses of an organization helps find and mitigate weaknesses, gaps and operational deficiencies faster.
  • More organizations can take advantage of penetration testing and red teaming capabilities without having to hire expensive experts when building an internal testing capability.
  • Time to schedule and execute tests is shorter when an organization is not reliant on the schedule of a testing firm.

 


Drivers
  • Vendors are adding more automation to their tools, which can aid security operations teams.
  • Penetration testing tends to be an annual activity for many organizations, both because budget and resources are limited and because an annual test is what regulatory mandates or internal policy requirements call for.
  • Red teaming is still the purview of mature organizations that are prepared to benefit from these activities to validate and test the defenses and the “blue team.” However, human-led red teaming requires a specific set of expertise, processes and tools that can be expensive to develop.

 

Obstacles
  • As an emerging market, adoption is low and there is little feedback from buyers to validate the efficacy and value of these solutions.
  • Acceptance of the test results from these solutions by auditors, assessors and third-party risk teams is still unknown. Organizations using automated testing solutions should confirm whether test results would be acceptable to applicable parties.
  • Solutions still need people to operate them, so the buyer manages the tools as well as the work: someone must determine scope, gather the necessary information (such as IP address ranges or excluded assets), configure the parameters of the test in the tool, and monitor the execution of the test until completion.
  • Current tools cannot address all variations of penetration tests that buyers may require, especially those that require people to be on site, like wireless and physical intrusion tests.

 

User Recommendations
  • Run proofs of concept (POCs) and other due diligence to confirm that the solutions being considered are fit for purpose and meet the buyer's requirements, because the market is nascent and end-user experience with these tools is limited.
  • Confirm that the activities these tools perform, and the findings and results they provide, will be considered equivalent to those of testing services providers. This matters if you plan to use these tools to address audit or regulatory compliance requirements.
  • Work with vendors in this space to help them refine and improve their solutions, and to identify and prioritize new features and functionality, which benefits both parties.

 

Courtesy : The above excerpt has been taken from a Gartner Report



About The Report

In the Hype Cycle for Security Operations, 2021, Gartner points out that organizations that can easily identify the event types that would impact their business, in terms of brand damage or reduced operational capacity, stand a much greater chance of having an effective and measurable security operations capability.

Security operations technologies and services defend IT systems from attack by identifying threats and exposure to vulnerability — enabling effective response and remediation. The innovations included in this Hype Cycle aim to help security and risk management leaders strategize effectively.


Architectural complexity in corporate infrastructure is widening as organizations try to navigate traditional IT infrastructure deployments, cloud-based deployments and hybrid approaches. Security operations technologies are designed to meet the diverse needs of modern organizations across these architectural challenges, providing greater visibility of threats and exposures, greater control, and faster response capabilities that work universally and cohesively. The demands of security are still heavily weighted in favor of effective processes and skilled individuals, with technologies becoming an enabler or efficiency driver for an already effective SecOps team. The desire for a single platform to consolidate security capability continues to be prevalent in the market.


 

 

New Entrants to the Gartner Hype Cycle for Security Operations, 2021:

  • Autonomous Penetration Testing and Red Teaming: Security testing, such as network penetration testing and red teaming, plays an important role in an organization's ability to identify exposures, vulnerabilities and weaknesses in its defenses.
  • External Attack Surface Management (EASM): EASM supports organizations in identifying risks from known and unknown internet-facing assets and systems. Security leaders can use EASM capabilities to understand and manage risks from their digital businesses, as it provides valuable context and actionable information.


 


CISO Contributors

  • Igors Konovalovs, Director Global Solution Specialist, Mandiant
  • Bikash Barai, Co-founder CISO Platform; FireCompass
  • Pradipta Kumar Patro, GM, Adani Group
  • Mohd Imran, Group - Head Information Security, L&T Financial Services
  • Manoj Kumar Shrivastava, CISO, Future Generali Insurance
  • Vijay Kumar Verma, VP & Head Cyber Security Operations Center, Reliance Industries
  • Sachchidanand M, Director, J.M. Financial Services Limited
  • Pravin Desai, AVP Technology Cloud & Security Operation, Fullerton Credit India
  • Nithin R, CISO, Bajaj Finserv Limited

 

Key Pointers

  • Gaps in testing and validation
  • What is BAS (Combining Intelligence with BAS)
  • Reference Architecture (BAS & Control Validation)
  • Critical capabilities
  • Success and failure factors

 

 

(Fireside Chat) Recorded

 

 

Discussion Highlights

  • Whenever you do a testing, the first portion that we need to see is the triangle completion: what is the time available for testing, what is the scope of testing, and how much cost or bandwidth in terms of manpower is available with you. You need to fill in this information, and there always have to be priorities assigned. Before that, you can have both blind testing as well as intelligence-led testing, where you have knowledge of the internal network, so you always have to prioritize what the internet-exposed assets are and, out of those internet-exposed assets, how many are critical to your function.
  • Once you do a testing, you also need to define the objective of testing: what is the objective of my testing? Is it just limited to finding vulnerabilities which could be exploited, or can you define some kind of success criteria? That can be many things: either getting shell access to a system, or getting a parameter manipulation where you have one credential to one system and whether you can manipulate your parameter and get access to other systems. These kinds of success parameters on different applications of your targets could be designed, and with these things in your mind you can actually then do the breach attacks and then carry out your simulations.
  • Mature organizations have a vulnerability management process in their organization that scans, finds vulnerabilities and fixes them. The challenge which we face is identifying the vulnerabilities, fixing them and rescanning. Between two rescans the gap is huge: gaps of one month or more. In this time this can be easily exploited by the adversaries. A major solution can be continuous scanning or monitoring of these threats that will help fill the gap of these months. So this is a major challenge which is kind of unsolved as an industry.
  • In the major breaches which have happened, the most important thing missed was asset management. What to protect is a major challenge, and it's a practical challenge everywhere. There should be some solution with a client-based solution and continuous assessment, and a certain layer, maybe virtual patching, etc. A lot of organizations work in silos, and that intelligence is not being passed on to each other. There's not a single unified view. Setting up this process is very important. This is the automation part (proactive vs. reactive process).
  • A lot of attacks target through systems, not on payload. Threat intel visibility or the detection point of view for the SOC may not cover 100% of the organization. The attack surface is further increased with remote work from home. Autonomous SOC (level 1 alert triage) is about the volume, virtual analyst, machine learning application. So ideally you want to automate detection, and you also want to automate the attack or red team. If you can automate blue and red team and consistently and continuously do that, then you can actually come to a place in your SOC and your security where you only need to decide what you want to test; you no longer need to worry how you're going to test it or who is going to detect it, when you automate the basic part of detection and, to a degree, response, and the attack part, which breach and attack simulation is actually all about.
    Then you start getting to what we call autonomous SOC and intelligence. This is the component that you can use to direct your validation efforts, by simply saying: if we can use an attack, a malware binary or a payload from an existing incident response investigation, load it into a breach and attack simulation tool and then blast it against my autonomous SOC, which will automatically triage and detect it. That's how I know whether my security technologies are working or not. So that is what we've seen actually being a fairly powerful combination.

  • The threat landscape is growing at an exponential rate, while the regulatory bodies and security team talent grow at a slower pace. Combat is a huge issue. We need to have some kind of a platform or tool which will integrate all these pain points and give one dashboard. This dashboard will enable the CISO to efficiently track and monitor. External penetration testing is more rigorous, while it's less rigorous for user segments and shared services. So that actually strengthens your complete zones and complete environments rather than just testing from your perimeter. So in this kind of a scenario, once we take an assumed breach, then we can have realistic targets also, and then we can see whether you are secure when we start moving from those zones. In addition, suppose you have certain controls which are placed to detect lateral movement; it may be that you are doing some traffic monitoring from SPAN ports, which originates from cross zones.
  • One interesting thing about intelligence-led BAS is that it focuses on the most important areas rather than a complicated view.

    If you have two sets of data and you do the intersection, you have that narrow set which tells that these are the big threats from our threat actor perspective, from our industry perspective, etc. I can effectively prioritize better. One very interesting use case is that when you have this intelligence-led approach, you can actually do much better prioritization, so that you can focus on only a few things which you need to fix today rather than thousands of things which need to be passed.
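The intersection the panel describes (scan findings on one side, intelligence about what actors targeting our sector actually exploit on the other), followed by the ranking by internet exposure and asset criticality raised in the first highlight, written out as an added Python example that is not part of the original discussion and not any vendor's code. All data is constructed: the VULN-x labels are placeholders rather than real vulnerability identifiers, and the 1..3 criticality scale and the scoring weights are assumptions made for the illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str
    vuln_id: str        # placeholder labels below, not real CVE identifiers
    internet_facing: bool
    criticality: int    # assumed 1..3 scale, 3 = critical to the business function


# Constructed vulnerability-scan output (the "thousands of things" set, shrunk to six).
SCAN_FINDINGS = [
    Finding("vpn-gw-01",   "VULN-A", True,  3),
    Finding("web-store",   "VULN-B", True,  3),
    Finding("hr-portal",   "VULN-A", False, 2),
    Finding("dev-jenkins", "VULN-C", True,  1),
    Finding("file-srv-7",  "VULN-D", False, 2),
    Finding("db-core-02",  "VULN-B", False, 3),
]

# Constructed intel feed: vulnerabilities reported as exploited by actors
# targeting our sector (the second data set in the intersection).
ACTOR_EXPLOITED = {"VULN-A", "VULN-B", "VULN-E"}

# Chosen larger than max(exposure + criticality) = 5, so that any finding with
# an intel match outranks every finding without one.
INTEL_WEIGHT = 6


def intel_intersection(findings, exploited):
    """The narrow set: findings whose vulnerability intel says is actually being used."""
    return [f for f in findings if f.vuln_id in exploited]


def score(f, exploited):
    """Intel match first, then internet exposure, then asset criticality."""
    return ((INTEL_WEIGHT if f.vuln_id in exploited else 0)
            + (2 if f.internet_facing else 0)
            + f.criticality)


def prioritize(findings, exploited):
    """(score, finding) pairs, highest first; ties broken by asset name for a stable queue."""
    return sorted(((score(f, exploited), f) for f in findings),
                  key=lambda pair: (-pair[0], pair[1].asset))


def fix_today(findings, exploited, limit=3):
    """Assets to fix today: the top `limit` of the intersection, not of the full scan."""
    ranked = prioritize(intel_intersection(findings, exploited), exploited)
    return [f.asset for _, f in ranked[:limit]]


if __name__ == "__main__":
    for s, f in prioritize(SCAN_FINDINGS, ACTOR_EXPLOITED):
        print(f"{s:2d}  {f.asset:12s} {f.vuln_id}  exposed={f.internet_facing} crit={f.criticality}")
    print("fix today:", fix_today(SCAN_FINDINGS, ACTOR_EXPLOITED))
```

With the constructed data, the intersection drops the six findings to four, and the three to fix today are the two internet-facing critical assets with intel-matched vulnerabilities followed by the internal critical database; the internet-facing build server with a vulnerability no actor is reported to use falls to the bottom of the queue, which is the point of doing the intersection before ranking.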

 

 

 

 


The Gartner Hype Cycle is a key analyst document for identifying the major trends in our industry. The acceleration in digital transformation has brought about new threats. In the 2021 Hype Cycle for Security Operations, Gartner analyzes 21 profiles and points out that, alongside the focus on detection and response, a continuous assessment and exposure-based approach is emerging in the industry.

Key Points Of Discussion

  • Which are the new technologies/trends in Gartner Hype Cycle - 2021?
  • How to use insights from Gartner Hype Cycle for your security strategy
  • Understanding the future and emerging new shifts in the security landscape

 

About Speaker

Ryan Benson, Ex Gartner Analyst, Director @ Stratascale

Bikash Barai, Co-founder FireCompass & CISO Platform

 

Podcast (Recorded)


Supply chain attacks have become a growing trend in the security world. Attackers exploit the trust users place in well-known software companies to implant malware into systems. The result is often a mass-scale attack that goes undetected for a long period of time. This talk covers the current trends, unique insights from industry experts, how to build a reference architecture stack, and the regulatory requirements.

Contributors

  • Anthony Ng, VP Systems Engineering, APAC
  • Bikash Barai, Co-founder CISO Platform & FireCompass
  • Agnidipta Sarkar, CISO, Biocon
  • Rejo Thomas, CISO, Exide Life Insurance
  • Prasenjit Das, CISO, TCS
  • Sudarshan Singh, CISO, Capgemini
  • A V S Prabhakar, Chief Risk & Compliance Officer, Zeta

 

Key Points Of Discussion:

  • Current Trends
  • Unique insight from the trenches and industry expert
  • Responding and recovering techniques
  • Building a reference architecture stack
  • What are the asks from regulators

 

(Panel Discussion) Recorded

 

 

Discussion Highlights

  • Have complete visibility on your supply chain (inventory, criticality, dependencies)
  • Reduce the attack surface (narrow the supply chain)
  • Integrate with your own enterprise risk mgmt. framework
  • Integrate (to the level feasible) with enterprise IT security architecture (IAM, SOC, encryption, etc.)
  • Execute due diligence on your supplier (enhance the assessment from survey-based questionnaire to 3rd-party audit report, PT, external cybersecurity benchmarking scorecard, etc.)
  • Ensure segregation in case of the supplier being multi-tenant
  • In case of a cyber event, isolate/quarantine your company quickly (know the "kill switch")
  • Have capability to scan and assess IOC/IOA in your network (very relevant for ransomware)
  • Keep communication templates ready for your stakeholders (mgmt., operations, IT, customers, regulators)

P.S. Discussion Summary was contributed by Sudarshan Singh (CISO, Capgemini)
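The "scan and assess IOC/IOA in your network" item in the summary above is the kind of check a short script can demonstrate. What follows is an added example, not code from the panel, from Capgemini or from any vendor: it sweeps constructed proxy, DNS and EDR-style log lines for a constructed indicator set and returns the hosts to isolate first. The domains, IP address and hashes are placeholders rather than real indicators, and the key=value field names (host, dst, dst_ip, query, sha256) are an assumed sample format.

```python
import re

# Constructed indicator set (placeholder values, not real indicators).
KNOWN_BAD_HASH = "a" * 64
BENIGN_HASH = "b" * 64
IOCS = {
    "domain": {"update-check.example.invalid", "cdn-static.example.invalid"},
    "ip": {"203.0.113.77"},
    "sha256": {KNOWN_BAD_HASH},
}

# Which log fields carry which indicator type (assumed for the sample format).
FIELD_TYPES = {"dst": "domain", "query": "domain", "dst_ip": "ip", "sha256": "sha256"}

# Constructed log lines: "<timestamp> <source> key=value ..." for proxy, DNS and EDR events.
SAMPLE_LOGS = "\n".join([
    "2021-08-10T10:01:02Z proxy host=wks-114 dst=Update-Check.example.invalid dst_ip=203.0.113.77 action=allow",
    "2021-08-10T10:01:05Z dns host=wks-114 query=update-check.example.invalid. rcode=NOERROR",
    "2021-08-10T10:02:11Z edr host=wks-114 process=svchost.exe sha256=" + KNOWN_BAD_HASH,
    "2021-08-10T10:03:40Z proxy host=fs-02 dst=intranet.corp.invalid dst_ip=10.20.0.5 action=allow",
    "2021-08-10T10:04:00Z edr host=fs-02 process=explorer.exe sha256=" + BENIGN_HASH,
])

KV = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Split one log line into (timestamp, source, {field: value})."""
    ts, source, rest = line.split(" ", 2)
    return ts, source, dict(KV.findall(rest))


def normalize(ioc_type, value):
    """Case-fold; DNS answers may carry a trailing dot that the IOC list does not."""
    value = value.lower()
    return value.rstrip(".") if ioc_type == "domain" else value


def sweep(log_text, iocs):
    """Return one hit per (line, field) whose normalized value is in the IOC set."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, source, fields = parse_line(line)
        for field, ioc_type in FIELD_TYPES.items():
            if field not in fields:
                continue
            value = normalize(ioc_type, fields[field])
            if value in iocs.get(ioc_type, ()):
                hits.append({"ts": ts, "source": source, "host": fields.get("host", "?"),
                             "type": ioc_type, "value": value})
    return hits


def hosts_to_isolate(hits, min_types=2):
    """Hosts matching at least `min_types` distinct indicator kinds (e.g. network plus
    file) go to quarantine first; a lone DNS hit may be a resolver artifact."""
    seen = {}
    for h in hits:
        seen.setdefault(h["host"], set()).add(h["type"])
    return {host for host, types in seen.items() if len(types) >= min_types}


if __name__ == "__main__":
    found = sweep(SAMPLE_LOGS, IOCS)
    for h in found:
        print(h["ts"], h["source"], h["host"], h["type"], h["value"])
    print("isolate:", sorted(hosts_to_isolate(found)))
```

On the constructed data, one workstation matches a domain, an IP and a file hash across three log sources, while the file server matches nothing, so only the workstation is returned for isolation. The normalization step matters in practice: without case-folding and trailing-dot stripping, the proxy and DNS lines above would both be missed.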

 

 

(Fireside Chat) Recorded



 

Key Takeaways (Summary by Anton Chuvakin):

  • SOC is first a TEAM. Next a PROCESS. And it uses TECHNOLOGY too, but ultimately people and process define SOC success.
  • Key challenges in building a modern SOC include (1) gaining visibility with the expanding attack surface (2) managing alerts and volumes of data (3) retaining an engaged and loyal staff, keeping them productive and engaged
  • Engineers who create alerts should be the same or in lock step with those who respond to alerts. Reduce the amount of friction between people who do those tasks today in your SOC.
  • As you build a modern and hybrid SOC, there are parts of a SOC that do and don’t outsource well.

 

1. Contributors (Security Heads Of Organizations)

  • Anton Chuvakin, Google Cloud
  • Rajesh Thapar, Axis Bank
  • Vishal Salvi, Infosys
  • Durga Dube, Reliance
  • Harshad Mengle, Future Group
  • Imran Mohd., L&T Financial Service
  • Satyajit, Indusind Bank
  • Vikas Kapoor, Vodafone
  • Vikas Yadav, Nykaa
  • Sanjay Suri, Nykaa
  • Nitin Gaur, Omega Healthcare
  • Sanil Anand, SLK Global
  • Vishwas Pitre, Zensar
  • Maya Agarwal, Google Cloud
  • Bikash Barai, CISO Platform, FireCompass

 

2. Challenges of Modern SOC

  • Visibility of all assets
  • People and skill availability
  • Keeping the tech stack continuously updated
  • Getting right insights from huge volume of incident events
  • Assurance to management
  • False positive
  • Scaling response handling
  • Dashboards
  • People are harder to hire at the scale of the event and incident log volume
  • Attack surface grows faster than people can be hired
  • Increased signals and alerts
  • Integration and dependency on environment (AWS, Azure)
  • Management’s education and awareness on SOC impact
  • Optimising expense on SOC

 

3. Critical Capabilities /SOC Tool Essentials

  • Use AI to automate SOC Analyst L1 level job
  • Improve threat visibility
  • Have great talent pool
  • Standardised dashboard for management

 

4. Questions To Choose Right SOC Partner

  • How do you onboard clients ?
  • What AI have you used to reduce reliance on human resources ?
  • How did you handle a breach (past) ?
  • How many customers & segregation (industry, geography) ?
  • What is the wallet share of services consumed ?
  • Have you been able to successfully replace previous SOC ?
  • What is the relative importance of people over processes in your organization ? (Hint: Great people should be more important)

 

 




 

I wanted to personally invite you to join us today with Ryan Benson (Ex-Gartner Analyst) and Bikash Barai (Co-founder, FireCompass & CISO Platform). They will be discussing the "New Trends From Gartner Hype Cycle, 2021 That A CISO Must Know". Date & Time: 4th August, Wednesday, 11 AM - 12 PM (ET)

The Gartner Hype Cycle is a key analyst document for identifying the major trends in our industry. The acceleration in digital transformation has brought about new threats. In the 2021 Hype Cycle for Security Operations, Gartner analyzes 21 profiles and points out that, alongside the focus on detection and response, a continuous assessment and exposure-based approach is emerging in the industry.

In this session, Ryan Benson (Ex Gartner Analyst, Director @ Stratascale) & Bikash Barai (Co-founder FireCompass & CISO Platform) will analyze the Gartner Hype Cycle 2021 and share their key insights. (CISO Platform Member Benefit) Join the webinar and get a complimentary copy of the Gartner Hype Cycle for Security Operations, 2021.

 

Key Points Of Discussion

  • Which are the new technologies/trends in Gartner Hype Cycle - 2021?
  • How to use insights from Gartner Hype Cycle for your security strategy
  • Understanding the future and emerging new shifts in the security landscape

 

Register Here : https://lnkd.in/dy9w2VBs
