Today’s cyber environment is one of rapid and constant change. Stepping up in a technologically savvy world, threat actors are using an arsenal of new and sophisticated techniques that make recognizing their attacks harder than ever. With several thousand products and a rapidly changing landscape of ever-increasing threats and risks, cybersecurity seems as elusive, and probably as impossible, as the “happiness problem”.
The edge here for adversaries is that they only have to succeed once, whereas the organization, as the defender, needs to succeed every time. Security is also laborious. Organizations can only test some of their assets, some of the time, whereas hackers are attacking all assets, all of the time.
The emergence of a new technology called Continuous Automated Red Teaming, or CART, can be a game changer in solving the problem.
Red Teaming: A Very Realistic Attack Emulation, but Hard to Scale
Red teaming is a goal-based ethical hacking technique that is used on a much broader and larger scale than conventional security testing. It lets security teams first discover an organization’s attack surface and then launch simulated attacks to test blind spots, which is very similar to a real hack. Unlike penetration testing, it is not scoped to a set of IPs or applications but is instead objective- or goal-based, meaning you can attack whatever you want to achieve the goal.
Traditional red teaming is done at a point in time. It involves multiple tools and manual effort, and it tests only a fraction of an organization’s assets, and only occasionally. It is largely manual, hard to scale, and unaffordable for most organizations.
CART: Emerging Tech for Comprehensive and Continuous Attack Surface Discovery and Testing
CART is an emerging security technology designed to automate red teaming so that one can achieve the breadth and depth of the process as well as scale it and seamlessly conduct it on a continuous basis. There are multiple potential approaches including hardware, software, or even Software-as-a-Service (SaaS).
At FireCompass, we developed a SaaS-based approach that uniquely combines Attack Surface Management (ASM), Shadow IT Discovery, and the simulation of various types of attack playbooks, including ransomware attacks, network and application attacks, social engineering, and more. The platform uses an outside-in approach by working with zero knowledge and without the need for any hardware or software to find risks on the digital attack surface of an organization.
During the CART process, an organization can search already indexed deep, dark, and surface web data using reconnaissance techniques similar to those of threat actors. The platform automatically discovers an organization’s dynamic digital attack surface, including unknown exposed databases, cloud buckets, code leaks, exposed credentials, risky cloud assets, open ports, and more. Once an attack surface is recognized and the scope for the simulated attack is authorized, the attack engine launches multi-stage attacks on the discovered surface to identify security blind spots and attack paths before hackers do. The platform then prioritizes the risks and recommends the next steps for mitigation.
CART vs. Traditional Solutions
Traditional red teaming is typically conducted once or twice a year. It is consultant-driven and requires manual orchestration between multiple tools. CART automates the process and makes red teaming continuous.
Penetration testing is conducted on a few, known applications or systems. CART, unlike penetration testing, discovers the attack surface on its own without any inputs and launches a combination of multi-stage attacks, spanning from networks to applications to humans.
Breach and Attack Simulation (BAS) tools typically need hardware or software agents to be installed and work inside of an organization. The tools mimic real threat actions and show how far an attacker can spread after gaining access to an internal system. CART, on the other hand, works using an outside-in approach and conducts real attacks without the need for any hardware, software, or integration.
While today’s hackers operate with a level of sophistication that surpasses typical preventative and detection capabilities, CART can be a game-changing approach to stay one step ahead. You must test your own controls to identify potential blind spots before an attacker exploits them.
Authored By Bikash Barai, Co-Founder of FireCompass
Note – This blog was first published in Security Magazine; you may find it here.