In an ever-evolving cybersecurity space, the constant is the nature of the bad actors who are trying to attack your organization every day.
In an OSINT study conducted by Firecompass, some very staggering data were found. At the same time, it’s not really shocking to know that organizations are being breached almost every day. The number of exposed assets and inventories online is indeed troublesome. In contrast, more than 500K databases were found exposed. We found about 30% of organizations had open RDP ports and over 6.7 Billion leaked passwords. Considering the study was a couple of months old, the numbers have only gone up.
In our latest webinar on “Future of Offensive Attack Simulation & Continuous Automated Red Teaming,” our speaker Bikash Barai, Co-Founder, Fire Compass spoke at length about the key industry challenges how continuous automated red teaming (CART) will chalk the new way in the future.
Some of the key industry challenges highlighted were:
- Shadow IT & Incomplete Asset Inventory: Testing partial assets where we miss Shadow IT, Preprod systems ..etc
- “Testing Sometimes vs Continuous Attacks From Hackers”: organizations test “some” of their assets “some of the time” whereas hackers are attacking all of the assets all of the time
- Unevolved Security Testing – presently, the reports generated are only for a point in time. While what is required are continuous alerts.
To know more refer to the presentation below.
Offensive Security Landscape
Presently there are two types of security controls; one can either make a point in time assessment or conduct continuous testing. And to protect yourself, you either have the choice of conducting simulated attacks or real-world attacks.
Red Team Landscape
Blue Team Landscape
Depth Vs Breath
Breach & attack simulation, and penetration testing are presently common; however, the range is limited, considering they are a point in time testing and simulated attacks.
Continuous Automated Red Teaming (CART) is an upcoming technology that fills the gap between continuous attacks and real-world attacks.
Firecompass is one of the few organizations that has recently launched a Saas based platform for CART.
To learn more about CART, you can see the webinar recording below.