Reading a recent article about a dark Web market’s self-promotion by way of a free giveaway of just over 1.2 million credit card details makes me cringe. As a result, I am reluctant to enter my credit card details on this new online store I found that has the product I need on special.

Anxiety is creeping up on me and I wonder if ordering my pizza online for lunch later is going to end up leaving a bad taste in my mouth. However, I eventually conjure up enough courage – albeit with a little less enthusiasm – and go for it anyway, hoping that these sites should be protected sufficiently so that Web skimmers can’t pilfer my credit card details.

But clearly not all online services are sufficiently protected – as the article on the latest dump of credit card details shows. This includes all kinds of online shopfronts we may provide our details to – such as shopping for food, gadgets, clothes or travel. Equally, many breaches in the past have occurred against big enterprises, be they banks, insurance houses or any other organisation we entrust with our personal information.

Yet dealing with many of the organisations in the financial sector, we find that a lot of time, effort and money is spent securing the network with the latest firewall technologies, ensuring events are collected and analysed in security information and event management (SIEM) solutions and authentication policies are followed to the “t”.

So, why are bad actors still winning? This comes down to two factors:

For most organisations, the environment is in a constant state of change, which makes it really difficult to keep up when it comes to implementing security policy changes required at so many different layers across a growing attack surface.
For many organisations, the emphasis is on having the right things in place for compliance’s sake rather than to be sure that these processes and solutions actually keep bad actors out. Therefore, for some organisations, penetration tests are only executed at the minimum required frequency (once a year) to pass the annual audit.

The real problem is that most organisations do not test the very systems that are meant to keep bad actors out at sufficient frequency and using an exhaustive battery of tests that mimics the behaviour of real cybercriminals. That is like telling the trapeze artist he is good to go when we last tested the safety net a year ago – it doesn’t exactly instil confidence, does it?

You may ask at this point how one might test the robustness of such systems. Surely I cannot be expecting expensive pen tests to be run against the environment at any significant frequency? But yes, I am suggesting that frequent testing of the production environment takes place. I am also suggesting that tests are far more exhaustive than what may be achievable with typical pen tests targeting maybe the OWASP top 10 vulnerabilities. I am suggesting breach and attack simulation 24x7x365.

BAS

Breach and attack simulation (BAS) is exactly what is needed to ensure any change that may give bad actors the slightest advantage is caught, through consistently simulating attacks. BAS is a test solution to assess the robustness of your environment against bad actors, identify the gaps found during the tests and make clear recommendations of steps to resolve them while providing alerts through integration to your SIEM solution.

With the ever-changing threat landscape, I also recommend subscribing to a threat intelligence feed that clearly informs what should be done to prevent an attack. It’s better still if such information can be used automatically by being integrated into next-generation firewalls (NGFWs).

Also, to aid the NGFW in this process, I strongly recommend real-time threat prevention, which limits malicious traffic from hitting your NGFW in the first place, thereby significantly reducing your attack surface and in turn preventing alert fatigue.

Real-time threat prevention will inspect incoming traffic, recognise threats and block all known bad IP addresses so that your firewall doesn’t even have to deal with them.

For more on how the breach and attack simulation and real-time threat prevention solutions from Keysight can help you to create an effective breach and defence strategy, please feel free to contact IT Ecology or download the white paper on this topic.

About IT Ecology
Founded in 2004, IT Ecology made it its mission to provide technical testing and monitoring competencies to the sub-Saharan African market. The company excels at delivering against unique customer requirements. Customers call upon IT Ecology as the solution thinkers and advisers. Coupled with a can-do attitude, our team has delighted our customers, again and again, exceeding their expectations. For more information, visit www.itecology.co.za. or connect on LinkedIn.