From the Yahoo breach of 3 billion accounts, to the JP Morgan intrusion, to the recent Equifax attack, the frequency and scale of attacks are increasing, and there is no sign of them stopping.
As you watch company after company fall victim, unable to deal properly with these crises, it is becoming evident that current security testing and methodology need to evolve.
Almost every organization today uses firewalls and other network/security devices to enforce perimeter security. The perimeter, that *public facing layer* meant to keep attackers outside, was designed at a time when attacks were still uncommon (or rather, they remained undiscovered for a long time) and security was an afterthought.
That perimeter is no longer relevant today. When that perimeter is breached - and it always is - an attacker has almost unrestricted access to the organization’s internal network and systems.
As mentioned previously, adversaries constantly adapt and learn from failures. The complexity of their tactics is ever increasing, creating unpredictable outcomes after an attack. Adaptability and resilience in the face of this unpredictability, then, become the key to a successful security posture and business continuity.
Today's digital, physical and social landscapes are complex. This complexity hides untested and unchecked security holes. A security program that is fixed, doesn't take into account the evolution of attacks and *attackers*, and continues to carry over legacy ideas will most likely crumble under the pressure of a real security incident. It would probably provide a good immediate response; however, unless the plans and procedures are flexible and resilient enough, chances are the plan will not survive first contact with the enemy. Having the ability to design programs, business processes, technology architectures, and digital security with the protection of critical assets in mind, while maintaining and integrating business continuity across all aspects of this, will create resiliency.
One of Advanced Capabilities Group’s primary offerings is Red Teaming. This is something not everyone is familiar with, even those who are focused on security services. There’s also a variety of perspectives on what constitutes Red Teaming. Our perspective on this is deeply rooted in the adversarial mindset and is shaped by over 30 years of hands-on experience. We thought it was important to give you an idea of where we stand on Red Teaming and its invaluable role in building a holistic security program.
Today’s adversaries don’t play by any rules. They constantly adapt and learn from failures, and the complexity of their tactics and thinking is ever increasing. Whether nation-sponsored, criminal or simply opportunistic, this new breed of attacker isn't bogged down trying to exploit the usual suspects (firewalls, web servers, email servers, etc.). They’re not wasting time thinking about your security checklists, policies, and procedures that have been painstakingly developed to thwart them. They’re happy to just go around, under, or over them and uncover weak links wherever possible.