For the next video in our Whiteboard Series, we talk about a Crawl, Walk, Run Approach to introducing offensive cybersecurity operations to your environment.
What are Offensive Cybersecurity Operations?
Offensive security operations are about replicating the type of tactics and procedures that real-world hackers are using to penetrate networks. Common forms of offensive security include penetration testing and vulnerability scanning.
What is Crawl, Walk, Run?
A Crawl, Walk, Run Approach is an effective method in which you lay out the steps for an organization to start with the basics and mature its processes over time.
This approach has been found to be extremely effective when it comes to cybersecurity program maturity.
The Crawl Phase
During the “crawl” stage, the IT team spends its time ensuring production is running smoothly, upgrades are complete, hardware is repaired, end-user tickets are resolved, etc. These tasks consume most of the team's time.
This is where Sedara sees a lot of organizations struggle with going above and beyond to prepare for an advanced attack. It can seem impossible when a majority of your time is spent putting out fires.
So, what can you do?
There are a few simple things, such as asset discovery. Understanding where your business-critical assets are, whether they are internal, external, or cloud-hosted, is one thing to focus on.
The next step would be a vulnerability scan of those assets. This will provide you with any low-hanging fruit that an attacker might find. Low-hanging fruit to an attacker would be something of high value that is easy to attack.
The next thing you want to do is a basic assessment. At this point, you should have an understanding of where your weaknesses are and which of your business assets are critical. You’ll also want to understand what weakness might look like in your organization. Then, you can move to the “walk” phase.
The Walk Phase
The “walk” phase is where you run a penetration test.
A penetration test takes the vulnerability scan one step further. Penetration testing is a controlled form of hacking: it uses the real-world tactics that attackers would use to simulate a hacker trying to get into your network, systems, and applications through the exploitation of vulnerabilities.
Penetration testing will also help you better understand your external assets. Once you have this understanding, you’re ready to move on to the “run” phase.
The Run Phase
If you want to continue to improve the cybersecurity maturity of your organization, consider running a red-team engagement.
A red-team engagement gauges technical vulnerabilities, business logic flaws, and social engineering. With a red-team engagement, you can also perform advanced remediation, which helps you fix deeper issues, often procedure-related, for lasting cybersecurity improvement. Overall, this type of engagement can take anywhere from 3-6 months.
How Sedara Can Help You
Reach out to us to learn how we can help prepare your organization for when a threat occurs.