Defense in Depth
The best time to start hardening your systems was 3 years ago… the next best time to start is NOW.
Broadly Accepted Security Principles
- Assume the attacker will gain initial access, and focus your defenses on stifling the establishment of command and control, lateral movement, privilege escalation, and data exfiltration
- Proactively harden your systems by quickly finding, fixing, and verifying the remediation of exploitable attack paths
- “Train like you fight” to identify weaknesses in your security controls PRIOR to a breach
A security testing strategy to complement your defense-in-depth strategy:
- Continuously execute unauthenticated pentests (both internal and external) to identify ways an attacker can access your "crown jewels" data and systems with minimal effort
- Execute no-notice pentests to measure and improve the reaction time of your SOC or MSSP
- Execute yes-notice pentests and collaborate with the SOC and IT Operations to harden your systems, operating as a purple team
Executive Webinar
Defense in Depth
Layered assessments are critical for your cybersecurity strategy, now more than ever. Starting with primary defenses and layering to more advanced defensive measures is a form of ‘Defense in Depth’ that has proven to work.
Defense in Depth Whitepaper
Layered Defenses Require Layered Assessments.
“Layered Assessments” focus on attack vectors that pose ongoing risk in a rapidly changing network and application environment, and allow organizations to test defenses and adjust quickly when weaknesses are identified. They leverage automation to frequently assess the attack patterns attackers use most often, reserving scarce and more expensive security resources to assess less-used attack patterns. Layered Assessments allow organizations to scale assessments across their entire portfolio.
Traditional pentests, whether automated or manual, present several challenges to organizations:
Incomplete
More time is more complete, but also more expensive. To compensate for this, the attackers are often provided credentials to accelerate the tests.
Scalability
A thorough manual pentest often costs $30,000 to $50,000 per engagement. This limits manual pentests to infrequent assessments.
Timeliness
Manual pentests are measured in weeks. Attackers are always present and evolving their tactics.
Remediation
Results are filled with false positives, carry little remediation information, and offer just a point-in-time representation of a system’s security.
Real Adversaries Seek Minimum Effort
They look for attack vectors that allow deeper reconnaissance, then chain weaknesses to gain credentials, escalate privileges and execute attacks.
Autonomous Red Teaming
NodeZero Enables Continuous, Autonomous Assessments.
NodeZero is a true self-service SaaS offering that is safe to run in production and requires no persistent or credentialed agents. It assesses systems as would a manual pentester, but faster, more completely, and with more actionable results. By starting with unauthenticated access to a system, NodeZero mimics the approach used by your adversaries.
Reconnaissance
The first step in an assessment is to map and catalog the environment. NodeZero starts with unauthenticated access to the system, then creates a Knowledge Graph that identifies all hosts, misconfigurations, and open ports, and searches for credentials.
Maneuver Loop
NodeZero acts as an Advanced Persistent Threat (APT), orchestrating over 100 offensive tools to harvest credentials, exploit vulnerabilities, and exploit default configurations and misconfigurations to execute attacks.
Verified Attack Plans
The results are provided as “Proofs” with graphical and textual representations of each step of a successful attack, including tactics used, how credentials were obtained, paths taken to gain privileges, and access to systems.
Impact
Like a determined attacker, NodeZero surfaces data at risk across physical and virtual environments it was able to access with read/write privileges, including SMB shares, NFS shares, FTP shares, cloud storage, vCenter servers, and databases.
Contextual Scoring
Instead of relying on CVSS scores, NodeZero evaluates each weakness by its role in the successful attack. Organizations can quickly identify the weaknesses that present the greatest threat and must be addressed immediately, and those that can be safely deferred.
Actionable Remediation
NodeZero provides precise and actionable remediation guidance, allowing security and operations to resolve issues at the root cause.