Attack Simulation: Be Your Own Worst Nightmare
Hackers don’t play by the rules. Your IT security can’t assume that they do. Attack simulation sheds light on how your security measures might fare in the real world, where attackers exploit vulnerabilities, compromise hosts, and set up camp in behind your diligently compliant firewalls. It lets you test your own defenses
By understanding weaknesses in your network you can better secure it, improve vulnerability management, and quote Rambo and Dirty Harry movies while being a total infosec B.A.
Prioritize by actual risk, punk
SANS Critical Control 4 says you need methods in place to prioritize the most critical vulnerabilities facing your network. This includes having risk scores to compare the effectiveness of reducing risk, rating exploitability and potential impact by asset type, and patching vulnerabilities with the greatest risk first.
The traditional approach to such prioritization equates risk with vulnerability severity rating. But CVSS scores don’t help convey actual risk to the board.
Next-generation vulnerability prioritization examines complex relationship within a specific network to determine risk. The Skybox risk equation is:
RISK = IMPACT x LIKELIHOOD x TIME
In the equation, impact considers the vulnerability and the host it affects; likelihood considers the vulnerable host and its surrounding network security; and time considers immediacy of potential exploitation.
Dance with the devil in fake moonlight
The Skybox risk equation is based on a context-aware view of your network represented in the Skybox model. The rule-based model understands relationships beyond network mapping and incorporates layer 3 devices, configuration data, and routing tables; threats; vulnerability assessment data from third-party scanners; and information from assets and patch management systems.
Strategically combining this information gives context to your vulnerability data, so you can better prioritize remediation efforts that are best for you, now.
And it’s from this model that you can simulate attacks. Advantages of using an accurate, up-to-date model for “network scrimmage” include:
- No active traffic on your actual network
- Match vulnerability assessment and asset data to your most critical assets
- Mock threat origins from any ingress point, inside or outside your network.
If it’s not broke, try to break it
Skybox attack simulation technology tries to exploit all vulnerabilities on all assets from all threat origins, because one tiny security gap is all an attacker needs to infiltrate your network.
Attack simulation tries to move data past any of your existing security controls, as in a real attack. A successfully simulated attack assigns context-based risk. If a simulated attack results in the complete compromise of a host, another simulation is run using the compromised host as a threat origin to understand the risk of stair-step or pivot attacks.
Vulnerabilities can now be prioritized by actual risk. To understand how best to move forward with targeted, efficient remediation, you can view simulation results from multiple perspectives, such as threat origin, network segment, business unit, or asset.
With in-depth network modeling and sophisticated attack simulation, you can bring risk into view for your organization and define effective strategies to neutralize it.
See Skybox attack simulation in action in this demo of Skybox Vulnerability Control.
Mature IT security starts with total visibility. Learn how comprehensive network modeling brings even the most complicated networks into view and creates a testing ground for attack scenarios, assessing proposed changes, and more.
Get 4 easy-to-implement best practices for vulnerability management, from assessment to remediation, to neutralize risks fast.
Originally published at blog.skyboxsecurity.com on July 9, 2015.