Managing Risk via Cybersecurity Validation and Exposure Management

An Interview with Seemant Sehgal, Founder & CEO, BreachLock Conducted by TAG Cyber

The need to continuously validate and mitigate cyber threats has become a high priority for modern enterprise security teams. Such focus on the provision of ongoing cyber protection is best implemented in the context of attack surface management (ASM) programs and proactive investigation of visible assets through automated testing, security control validation, and red team exercises.

The team from commercial cybersecurity vendor BreachLock offers a seamless means for supporting cybersecurity validation and exposure management via an automated platform that operates in a continuous manner. The TAG team recently sat down with BreachLock to better understand how the company was combining human-delivered service with AI-enabled technology to support PTaaS, ASM and other automated security testing solutions for customers.

TAG: Do you see the growing emphasis on cybersecurity validation and exposure management coming from concerns for more intense cyber threats, more difficult compliance requirements, or perhaps both?

BREACHLOCK: As corporate leaders become more involved in the decision-making process for cybersecurity procurement and retention, we are seeing that organizations are no longer satisfied with just threat detection for their IT and cloud environments. They now seek proactive measures and a continuous enhancement of their security posture, to achieve what we refer to as “security control optimization.”

Cyber security validation and exposure management are complementary, and even though each shares the common goals of identifying security weaknesses, they differ in approach.

Simply put, Cyber Security Validation embeds highly automated, repeatable, and predictable security testing features into one platform to ensure comprehensive solutions and greater testing accuracy across an organization’s entire ecosystem’s defenses and incident response capabilities.

At the core of cyber security validation is Attack Surface Management (ASM). Attack Surface Management (ASM) has now become the linchpin of cyber security validation, serving as the cornerstone for testing by identifying exposed assets and their associated vulnerabilities. Utilizing ASM to identify vulnerabilities expedites the prioritization of risks related to exposed assets and their key entry points for potential attackers, leading to a substantial enhancement in cyber defenses. Using ASM creates a starting point for other solutions such as pentesting and red teaming. This marks a significant shift, as ASM streamlines the process of identifying assets for testing, enabling organizations to gain a more accurate understanding of their actual risk.

Exposure Management encompasses a range of processes and capabilities enabling enterprises to consistently and continuously assess the visibility, confirm accessibility, and evaluate the exposure and exploitability of both digital and physical assets within an enterprise.

Exposure Management involves gaining insight into your attack surface from the perspective of an attacker. However, it can be argued that this perspective alone is no longer sufficient. Organizations need to surpass the attacker’s view of common vulnerabilities and exposures (CVEs) in the process of discovering, prioritizing, and addressing potential threats and vulnerabilities within their security ecosystem.

At BreachLock, we believe that for exposure management to be effective, it must align with ASM for a more extensive impact. In turn, for ASM to effectively support Exposure Management, it should not only concentrate on the ongoing visibility of an enterprise’s digital presence on the public-facing internet, but also encompass broader context around all digital assets – both internal and external.

TAG: What do you see as the key functional and security requirements from enterprise teams wanting to implement a program of attack surface management? For example, do they often cite the need to discover unknown assets?

BREACHLOCK: ASM is still relatively new and is often defined as EASM with an external focus looking in. And, of course, organizations always want to discover unknown assets, which has been the typical definition and use of ASM. However, to understand ASM and all its functions and features, BreachLock sees it as a pivotal tool in the security testing process to be used across both the internal and external attack surface.

As previously mentioned, we see ASM as the basis of providing deeper insights into the discovery of an exposed asset and identifying what assets to prioritize for mitigation based on knowing actual risk. Once actual risk is identified, this creates a realistic roadmap and starting point for other tools such as automated pentesting and red teaming solutions, which ultimately saves valuable time, costs, and resources.

Also, ASM must provide context and not just a categorization of exposed assets and their vulnerabilities. These must be accompanied by evidence. BreachLock provides a Proof of Concept (POC) visible within our platform for better analysis and mitigation for each vulnerability discovered and the asset it affects. But it is important to understand that the typical process of asset discovery and prioritization is limiting if there is no context available.

At BreachLock, our ASM solution is evidence-based, driven by our AI technology. This technology, along with over five years of aggregated data of pen tests, ASM scans, vulnerabilities, and threat data, allows us to uncover vulnerability patterns and anomalies that may normally go undetected. This evidence-based context provides our customers with enriched insights and actionable data that they can use. So, context becomes a crucial consideration for what we call “risk-based prioritization,” which is a key component of Cyber Security Validation and Exposure Management.

TAG: We’ve seen many requests for proposal and support coming from enterprise teams interested in penetration testing as a service. Tell us about your experiences supporting this market including how practitioners should introduce such capability into their programs?

BREACHLOCK: Yes, we have seen a real increase and focus on Penetration Testing as a Service (PTaaS) from enterprise teams as they shift from being reactive to more proactive. Because of this, we are also seeing a very purposeful move from traditional targeted penetration testing to more interactive exercises such as Red and Purple teaming.

It is evident that our enterprise clients are focusing and investing more and more in emerging technologies such as AI, ML, Blockchain, IoT devices, etc. as their threat landscape continues to evolve. Enterprise customers demand more flexibility, agility, and faster turnaround times as they are progressively investing and making very high impact decisions to secure their assets.

BreachLock can meet these demands as we offer versatile and scalable PTaaS solutions for both automated pentesting (which is great for large enterprises with heavy workloads and computing needs), Red Teaming, Attack Surface Management, and continuous automated testing to assess their attack surface on an ongoing and regular basis. So as the threat landscape changes, BreachLock keeps pace with continued product innovation and emerging technologies to secure the assets for our customers in both internal and external environments.

TAG: A related issue that comes up frequently in our interactions with enterprise security teams is the need to engage in red teaming. How does your team support real-world attacks and how do you ensure that TTPs in red team exercises are up-to-date and realistic?

BREACHLOCK: We see Red and Purple teaming emerging as a powerful and proactive approach to mitigate the impact of ransomware or malware attacks. Red Teaming as a Service (RTaaS) is an integral part of BreachLock’s solution set and is designed to penetrate enterprise systems and assets using the latest attack tactics, techniques, and procedures (TTPs), security controls, and processes. Our primary goal is to test a security team’s readiness to defend against an actual cyber-attack by attempting to exploit security weaknesses just as real attackers would. Thus, we must ensure that TTPs in red team exercises are not only realistic but are based on real-world attacks. These are consistently updated as more sophisticated attacks occur.

As mentioned prior, we are seeing enterprises move to a more proactive approach to secure their attack surface, and both Red and Purple teaming help them to understand how well their incident response capabilities can detect, contain, and mitigate an attack.

Red Teaming is especially useful in incident response when an actual breach has occurred so that customers can better understand the impact, contain the breach, and improve future security measures. In post-incident analysis, BreachLock experts will analyze and understand the TTPs, or attack method employed by the attacker(s) during the exploit, identify the initial attack vector, execute lateral movement within the network, and use techniques to evade detection. BreachLock Red Teams also assist in conducting root cause analysis, scenario re-creation, and validation of IR plans, all to enhance threat intelligence and adjust security policies.

BreachLock offers a highly advanced set of red teaming tools and services to test the defense of an enterprise’s security perimeter against a mature security offense. BreachLock Red Teaming as a Service (RTaaS) combines the best aspects of human-delivered and automated red teaming with modern technologies that incorporate AI-powered cloud-based SaaS controls.

TAG: A final question involves our interest in understanding how BreachLock makes use of artificial intelligence to enhance platform capability. What’s been your experience using such advanced technology?

BREACHLOCK: We have been very successful in leveraging our proprietary AI technology and customers often comment on the use of it and the value it brings. The term ‘artificial intelligence’ is thrown around a lot and means different things to different organizations.

A lot of security providers include AI as a part of their technology offerings, but most customers have discovered that it isn’t AI or machine learning. AI is often over-promised and under-delivered, ultimately failing to provide the benefits for which the customer had hoped. At BreachLock, we are very transparent about our AI technology and how it is used to solely benefit our customers and help accelerate the accuracy of their security testing.

If you go to our website, you will find AI technology under BreachLock’s “product solutions.” That is how important AI is to us and our customers.

BreachLock has been providing continuous security testing for over five years now. Having conducted hundreds of thousands of penetration tests, ASM scans, and automated testing for customers across different industries, our data contains comprehensive intelligence on vulnerabilities, exploits, threats, and remediation best practices. It is impossible for any human to assimilate and process this amount of data to make real-time inferences or intelligent decisions regarding their security ecosystem. Because every target for every hacker is different every time.

We deploy a proprietary AI technology driven by the power of Natural Language Processing (NLP) to identify patterns and anomalies in mere seconds to find unique attack paths, and Tactics, Techniques and Procedures (TTPs) to make faster, more accurate, and well-informed decisions about vulnerability findings through risk-based prioritization – meaning prioritization is based on real evidence and actual risk. At BreachLock, we like to think that we put security control back into the hands of the security teams.

Here are just a few of the customer benefits of BreachLock AI technology:

  • Exploitability Prediction: Our AI technology can analyze vast amounts of data to identify vulnerability patterns and anomalies that can predict a potential exploit, including known and unknown threats.
  • Multiply Scale and Speed: Multiply not only the scale, but the speed of vulnerability identification. Based on the interpretation of large data sets, historical data, and thousands of evidence-based tests, we uncover patterns impossible to detect solely with manual methods.
  • Improve Incident Response: When seconds matter, we can provide real-time information and actionable intelligence about security breaches to improve incident response time and help security teams prioritize and allocate resources more effectively — during and after an attack.
  • Security Analytics: Our AI technology is driven by Natural Language Processing (NLP) to parse our own real-time logs and other textual data to extract valuable information to find unique attack paths, TTPs, and vulnerability descriptions enhancing TI and the response of your SIEM.
  • Adaptive Security: Through our AI-powered technology and ASM solution, we continuously monitor your growing internal and external threat landscape and map for matches across your entire attack surface.

About BreachLock

BreachLock is a global leader in Continuous Attack Surface Discovery and Penetration Testing. Continuously discover, prioritize, and mitigate exposures with evidence-backed Attack Surface Management, Penetration Testing Services, and Red Teaming.

Elevate your defense strategy with an attacker’s view that goes beyond common vulnerabilities and exposures. Each risk we uncover is backed by validated evidence. We test your entire attack surface and help you mitigate your next cyber breach before it occurs.

Know your risk. Contact BreachLock today!
