A recently published white paper from Frost & Sullivan demonstrates that real-time,
360-degree visibility into IT environments is the optimal method for deterring attackers.
HERZLIYA, Israel, September 9, 2020 — XM Cyber, the multi-award-winning leader in breach and attack simulation (BAS) software, was recognized by Frost & Sullivan for offering a superior solution to conventional manual testing for the reduction of cyber risk and operational costs.
Frost and Sullivan’s white paper highlights the importance of using automated tools like BAS in identifying security gaps. In Automated Breach and Attack Simulation: The Cost & Risk Reduction Revolution is Here, Frost & Sullivan’s Global Cybersecurity Program Leader Jarad Carleton writes, “Leveraging advanced automated BAS technology is a best practice that more enterprises with a large number of endpoints need to embrace. It will unquestionably enable organizations to raise the bar on security hygiene while simultaneously allowing IT departments to become more efficient.”
A Critical Period for Cybersecurity
In 2019, there were roughly 2.3 billion endpoints globally, according to Carleton. With the COVID-19 pandemic forcing millions of workers to telecommute, the job of maintaining endpoint security has become much more complex, as workers use their devices outside of the office and away from IT oversight and assistance.
Carleton notes that today’s organizations must deal with vulnerabilities arising from unpatched software, system misconfigurations, weak or compromised credentials, exploited trust relationships, poor encryption standards, or zero-day exploits. In addition to commonly known vulnerabilities, continuous changes in the user environment can lead to misconfigurations that are at the root of many security vulnerabilities.
Given these conditions, it’s imperative that enterprises have the right tools in place to maintain strong security. One of the best ways to ensure that unauthorized endpoint access or another common vulnerability does not lead to a costly data breach is the deployment of BAS technology offering continuous monitoring and real-time vulnerability analysis.
Benefits Over Conventional Security Testing
While breach and attack technology is similar in many ways to traditional penetration testing or red team exercises, it offers a few key differentiators. Manual testing is resource-intensive and expensive, which means that it is typically staged once or twice annually. This means that enterprises have little visibility into the state of their security in between testing periods. In addition to manual testing being expensive, it is often disruptive to business processes.
Breach and attack software solves this problem through automation. Instead of paying for a security team of variable skill and experience to conduct episodic tests and waiting weeks or months for results, enterprises get the benefit of 24/7 testing — the key to maintaining deep visibility into evolving vulnerabilities. In an era where dynamic cloud environments introduce a steady stream of changes, continuous monitoring is invaluable.
Additionally, while manual penetration tests can sometimes cause unanticipated collateral damage to live networks, BAS software can be safely run with no impact to production.
The XM Cyber Solution
Founded by three senior executives from the Israeli intelligence community, XM Cyber offers a cloud-based, automated BAS platform that offers protection in hybrid environments. XM Cyber technology mimics cyberattacks to identify vulnerabilities and offers prioritized remediation.
“XM Cyber’s platform mimics a real cyber adversary and conducts reconnaissance in the network and, eventually, inside secure zones,” Carleton writes. “At the end of the simulation, the enterprise can view the number of critical assets compromised and track each attack vector and its path to the defined critical assets. The enterprise security team is then able to investigate each step leading to the simulated breach and determine whether one or more choke points can be addressed to protect secure zones.”
Frost & Sullivan’s Verdict
The solution, according to Carleton, is the adoption of tools such as those offered by XM Cyber.
“Automated BAS tools such as XM Cyber change this equation and enable organizations to continuously monitor their IT environment for vulnerabilities in a safe, scalable, and cost-effective manner as the network changes. Since minimal input is required from security analysts, IT teams can focus their efforts on other critical tasks. Frost & Sullivan believes that leveraging advanced automated BAS technology is a best practice that more enterprises with a large number of endpoints need to embrace. It will unquestionably enable organizations to raise the bar on security hygiene while simultaneously allowing IT departments to become more efficient.”
To download the white paper, please click here.