Cyber security is serious business, though at times it can seem like a complicated game of cops and robbers, good guys versus bad guys, or white hats taking on black hats. For that reason, it is no surprise that a recent Dark Reading article stresses the importance of training your IT security team by splitting into two groups. One group (red) plays the part of cyber criminals, and the other group (blue) attempts to protect your network from the red team’s emulated attacks.
As the article points out, implementing a “hack-yourself” program can improve the effectiveness of your defenses through better awareness of how attackers might approach certain network vulnerabilities.
After all, when your network is under attack, your most valuable asset is time. The faster you can identify a network attack and understand what’s at risk, the quicker you can identify where the attackers are and what they’re doing. Responding to attacks quickly and efficiently requires an advanced level of preparation that many security teams haven’t yet achieved.
So where do you start? Third-party consultants specializing in “red team exercises” or penetration testing can help large enterprises sharpen their ability to spot critical network vulnerabilities. External red team exercises offer a level of expertise that most organizations don’t have internally. At the same time, there is value in “hack-yourself” programs designed to strengthen internal capabilities and practice the necessary skills to improve your network security posture.
The Dark Reading article accurately surmises that it is not enough to have your IT security team practice hacking skills on third-party sites. Instead, internal red team exercises should be carried out on your actual company network to avoid the complacency that can result from simulations. To get the most out of a “hack-yourself” program without causing damage to the network, however, provide your security team with the proper training to identify vulnerabilities as it hunts for data, administrator credentials, or any other valuable assets on your servers.
Once your internal red team is ready to launch a “hack-yourself” program, supply them with tools similar to those that attackers have at their disposal. Toolkits such as Metasploit (available through Kali Linux) and Cobalt Strike can help you optimize penetration testing and uncover your organization’s deepest vulnerabilities.
Endpoint modeling can be a huge advantage for blue teams trying to defend against simulated attacks. With access to endpoint modeling technology, blue teams gain real-time views into the red team’s activities, so they can flag them immediately. For example, many of our clients subscribe to vulnerability scanning services such as Qualys, and we’ve already helped many of them see that activity and take note of it. In this case, we recommend whitelisting those scanning services so we don’t unintentionally create alerts for known or acceptable behavior.
Our Dynamic Endpoint Modeling solution is also integrated with other scanning tools, such as Nmap, and it can display those results in the Observable portal. All of this is so critical in helping your team identify and defend against attacks – in penetration testing exercises as well as in the real world.
The idea of “hacking yourself” is not exactly a new concept. In fact, “Hack Yourself First” is a full course developed by software architect and software expert Troy Hunt and is available from Pluralsight and Computerworld.
For more information on hacking yourself and penetration testing, you can also take a closer look at these resources:
Getting better visibility into your network and improving your security couldn’t be easier. Sign up for a free, no-risk trial of Observable’s Endpoint Modeling solution, and change the way you see security.