Critical observations from penetration testing or bug bounty exercises often cast a bad light on blue teams and managed service providers handling network security and security operations. Clients often read those observations as an indication that the services are ineffective and can question the ROI from these managed services.
On the other hand, security assessment organizations and researchers are always focussed on identifying exploitable risks as their primary objective. Remediation of the vulnerabilities or empowering the blue and security operation teams in defending and responding to attack attempts against the discovered vulnerabilities sometimes takes a back seat.
The fact is that however good the security technology or the resources managing it, attacks can still happen. The ever-changing nature of the attack surface makes defending a modern organization tricky, since newer exposures appear on a regular basis. Ideally, as in purple team assessments, security assessment programs should work hand in hand with blue teams and security operation center teams to continuously measure and improve existing security controls and monitoring capabilities.
MSPs should operationalize security assessment intelligence for Cyber Threat Informed Defense
In security assessment programs, adversarial behavioural traces should be used for active or passive validation of security controls, proactive detection of future attacks, and instrumented or semi-automated response actions. The different characteristics identified in actual adversary actions should be used to validate the effectiveness of security controls, active and passive security assessments, and the development of continuous security monitoring strategies.
In real-world enterprise environments, security assessment observations are not always immediately remediated. Sometimes remediation may take months, or it may never happen in instances where the risk is accepted for business reasons. This means that attackers or adversaries can leverage these weaknesses or flaws directly, or indirectly by chaining them with other vulnerabilities. The dependency on time, developers, and effort needed for remediating vulnerabilities often makes the observations of no real value unless they can be used as intelligence for compensatory control fine-tuning and proactive monitoring. In other words, security assessments should aid the threat-informed defense practice by empowering blue teams with the intelligence needed for continuous security monitoring and effective incident response. This will significantly improve the value that security assessments bring, instead of becoming an activity that adds more noise to the already known list of vulnerabilities.
By adding Intelligence-led Penetration Testing as a service to their portfolio, MSPs and MSSPs can provide significant value to their customers by continuously improving their detection and response capabilities by leveraging the intelligence from these assessments.
How can we help?
NST Assure, our flagship platform, is the world’s first and only true Continuous Penetration Testing as a Service Platform (CPTaaS) that is intelligence-led and External Attack Surface Management driven.
With NST Assure, changes in your external attack surface are continuously monitored with an AI/ML-powered discovery process, and observations are validated in near real time and de-duplicated by experts to avoid noise and false positives. The relevant observations can trigger manual, expert-led penetration testing to validate the possibility of exploitation.
The NST Assure discovery process is in-depth and comprehensive, and covers all channels like the Internet, Deepweb and Darkweb. In addition to the auto-invoked penetration testing, NST Assure supports management of scheduled and on-demand security assessment engagements. This empowers the customer to be in control of the security assessment management process by directly collaborating with assessors and SMEs.
Scheduling debriefing sessions, requesting revalidation of observations, retrieving penetration testing reports or trackers, and setting up new assessment engagements can all be seamlessly and securely managed within NST Assure.
NST Assure also comes with vulnerability risk prioritization support and the ability to convert security assessment observations to Machine Readable Threat Intelligence (MRTI) bundles, which your SOC and network security team can use for proactive monitoring and defense against exploitation attempts.
About NST Cyber
NST Cyber is an emerging leader in the Cyber Threat Management space. NST Cyber provides a portfolio of Security assessment, Control validation, Defensive, and Detective Security advisory to Enterprises. NST Cyber collaborates with several business verticals like Banking and Finance, SaaS, Retail, Manufacturing, and Healthcare to assess their current security posture and continuously improve resilience against targeted cyber-attacks.
NST Cyber assists several esteemed Banks and FinServ companies to improve Enterprise-wide security posture and meet compliance requirements from regulators.
For more information, contact us at info@netsentries.com or visit our service page.