By Josh Neame, CTO, BlueFort Security
As more organisations fine tune their cybersecurity approach to be in line with Gartner’s Continuous Threat Exposure Management (CTEM) framework, an increasing emphasis is being placed on identifying, validating and mitigating risk within their digital environments.
This is all well and good, but – and this is a big BUT – there’s an unfair challenge for organisations in that if you’re responsible for cybersecurity – be that a CISO, security engineer, red teamer or threat hunter – you often have limited team budget and resources to tackle that ever-evolving environment.
Pretty much the majority of the time, cyber attackers have the edge because they only have to succeed once, where defenders need to succeed every time.
According to Gartner, by 2026 organisations that prioritise their security investments based on a continuous exposure management program, will be three times less likely to suffer a breach.
The game-changing word in Gartner’s CTEM framework is “continuous”. Most things in life require a continuous effort to deliver long-term systemic change. If you want to improve the time you take to complete a 10K run, a sustained training program over a period of months is required. This continuous program should be tailored to your body’s starting fitness level, and then adapted as your strength and stamina change.
Winston Churchill once famously said: “To improve is to change; to be perfect is to change often.” When considered in the context of cybersecurity, this doesn’t quite ring true, given that cyber practitioners are usually one step behind the cyber criminals. We know that our cybersecurity tools and methodologies will never be perfect, but as Mr Churchill said, “to improve is to change” and that’s at the heart of Gartner’s CTEM framework – continuous change.
One important additional point I want to make here applies equally to the 10K runner as it does to the cyber security professional. That is, if you don’t have a good understanding of your current state of play (for the runner this will be cardio fitness and strength, and for the CISO it will be visibility of the organisation’s entire threat surface), the effectiveness of any plans will be significantly reduced.
Organisations are spending millions of pounds trying to keep themselves protected, but unfortunately more often than not, this fails. To illustrate the point, here are some eye-watering statistics from a new report by Pentera, a leader in automated security validation, that looked into the current state of security validation across large organisations.
There’s an old saying about achieving high quality in manufacturing, “You can’t manage what you can’t measure.” From an information security standpoint, a better expression would be “You can’t protect what you can’t see.” What’s clear from Pentera’s survey is that companies don’t understand where the issues are in their networks until a breach occurs, and then it’s too late. In my experience, the culprit for this is visibility – or a lack of visibility.
With these thoughts in mind, I’ll revisit my opening paragraph of this post… organisations to identify, validate and mitigate risk within their digital environments. Organisations must be proactive about improving their cyber resilience, rather than being target practice for any new malware that’s out there. Cybersecurity teams can use separate tools and service providers to do the job, or they can embrace new automated tools and do it themselves.
This is where automated security validation comes into its own. Automated testing in particular, levels the cybersecurity playing field by proactively finding problems before an attacker does, highlighting the impact of that problem if it’s not fixed, and giving a simple explanation of how to fix it.
There are a number of key steps that provide the foundation for Gartner’s CTEM approach including:
Point-in-time testing is no longer sufficient because an organisation’s digital environment changes all the time. New configurations, new tools, new users – all these changes present risks. True security validation involves rigorously testing an organisation’s digital environment, using a hacker’s perspective and techniques, covering endpoints and the entire network. Automated pen testing tools require no agents, manual playbooks, simulations, or false alarms. The approach is to operate like a hacker, thoroughly challenging security controls, identifying vulnerabilities and scrutinising credentials and privileges. What these automated tools are looking for are vulnerabilities, and then looking to attempt to exploit these weaknesses at scale, without malicious intent or harm.
Automated security penetration testing platforms model the way threat actors behave, by creating virtual attack scenarios that safely exploit points of weakness in the organisation’s attack surface. By constantly testing the organisation’s security infrastructure, automated penetration testing platforms can provide accurate threat validation information and informed recommendations for remediation.
Automating this process provides a detailed and real-time view of the organisation’s security readiness – validating the potential impact of threats by safely exploiting vulnerabilities, without impacting ongoing business operations. Vulnerabilities alone only tell half the story – exploiting these vulnerabilities with real-world attacks enables you to establish the severity and urgency of each threat, and then prioritise remediation based on the most immediate concerns.
Building automated security penetration testing into a CTEM program delivers the reliable, consistent and accurate information you need to make the right decisions to continuously improve your organisation’s security posture.
The Pentera study I referenced earlier, found that Boards are becoming increasingly more involved in pen testing and security posture data. Over 50% of CISOs reported that they share the results of pen test assessments with their leadership teams, as well as their Board of Directors.
Understandably, with high-profile breaches in the news, management teams and their Boards are increasingly interested in understanding their organisational resilience, and the potential impact of cyber attacks to their operations and business.
When it comes to cybersecurity, perfection isn’t attainable. The important element is to identify and be able to converse the security risk in business terms with upper management, receive the budgets necessary, and ride the continuous improvement curve towards cyber resilience.
© Copyright BlueFort Security Ltd.
The cybersecurity sector faces an effectiveness challenge. Despite the constant emergence of new technologies, notable breaches still persist. To thwart these attacks, the industry must embrace a fresh strategy centered around security operations. This is precisely where BlueFort comes into play.
Addressing the complexity of cybersecurity, External Attack Surface Management (EASM) provides critical visibility, active testing and ongoing security controls.
Cyber Threat Intelligence (CTI) tailors security measures by collecting, analysing, and distributing bespoke insights to prioritise risk mitigation effectively.
Data security, evolving since the 1980s, faces challenges with the surge in data volume and dynamic technology landscapes.
Gartner’s Continuous Threat Exposure Management (CTEM) shifts cybersecurity to a proactive model, prioritising risks through a cyclical approach.
In the data-driven business landscape, success hinges on effective data management. BlueFort’s Optimised SIEM transforms data usage, ensuring control and visibility for robust cybersecurity.
Modern cloud complexities demand continuous security adaptation. Cloud Security Posture Management (CSPM) ensures compliance, risk mitigation and efficiency.
In the era of digital transformation, traditional security models fall short. Zero trust, with IAM, ensures continuous verification, enhancing cybersecurity against evolving threats.
Trust BlueFort Evolve for all your cybersecurity needs – the premier program in the UK, providing comprehensive subscription program and on-demand expertise.
Safeguard your digital assets with our Security Assessments. Identify vulnerabilities, mitigate risks and fortify your online defences.
BlueFort’s consulting capabilities empower cyber leaders to navigate pivotal moments securely and effectively, delivering strategy and technology solutions that make the difference when it matters most.
Flexible on-demand technical support services from vendor certified engineers, whenever you need it.
BlueFort are your trusted cybersecurity solutions partner. With a long pedigree in simplifying cybersecurity challenges, delivering continuous improvement and providing access to the best cyber expertise-on-demand, we’re here to help.
Protect your business with BlueFort, the UK’s leading cybersecurity solutions partner, offering comprehensive protection against evolving cyber threats.
Using best practice frameworks to deliver Continuous threat exposure management programs to our clients, we ensure simple, ongoing, incremental improvements to your cybersecurity posture.
Trust BlueFort’s team of cybersecurity experts to deliver unparalleled customer support, ensuring your peace of mind in an ever-evolving digital landscape.
Discover exciting career opportunities at BlueFort Security and take your professional journey to new heights.
Your one-stop destination for cutting-edge insights and tools in the realm of cybersecurity. Our hub is meticulously curated to provide you with a comprehensive range of resources, from informative articles and expert whitepapers to insightful webinars and practical guides.
Stay informed on the latest cybersecurity trends with BlueFort’s regular events and webinar recordings. Join us for insightful sessions and demos.
Discover a wealth of cybersecurity resources in our content library. Stay up-to-date with industry news, expert tips and informative blog articles.
Securing access to sensitive data, assets, and resources with multi-factor authentication (MFA) is a core cybersecurity component. Because MFA has proven to be so effective,
