How Are Those Cyber Security Strategies Working, Java Fans?

December 16, 2021

As hackers’ methods evolve, so do efforts to thwart them. The SmartData Collective describes “3 Strategies Employed by the Leading Enterprise Cybersecurity Platforms.” We wonder whether the FBI implemented these methods. If so, we think the recent hack of that agency’s systems raises some questions. That case aside, writer Matt James’ reports:

“Stephanie Benoit-Kurtz, Lead Area Faculty Chair for the University of Phoenix’s Cybersecurity Programs, offers a good summary of the changes security organizations should anticipate, especially in the time of the pandemic. ‘The threat landscape over the past 18 months has significantly changed in complexity and frequency of attacks. Long gone are the days when a lone wolf attacker was manually knocking at the door.’ To get acquainted with the ways security firms are handling the new breed of threats in cyberspace, here’s a rundown of the notable strategies the leading cybersecurity platforms and security firms are offering.”

First up is breach and attack simulation, or BAS. As the name implies, this cybersecurity platform feature tests systems for potential weaknesses. Next we learn about continuous automated red teaming (CART). Red teaming is the labor-intensive practice of having a group of white-hat hackers test one’s system for vulnerabilities. It has gotten difficult for mere humans to keep up, though, so automating the process was the logical next step. Finally, there is advanced purple teaming. This color-blending method relies on collaboration between test-attackers (red) and defense teams (blue). This seems so obvious we wonder why it was not being done all along, but apparently departmental silos are resistant to common sense. See the write-up for details on each of these approaches. James concludes:

“Many of the world’s top cybersecurity platforms and security solution providers have already embraced breach and attack simulation, continuous automated red teaming, and advanced purple teaming. These strategies in securing organizations may be relatively new, but cybersecurity professionals can vouch for their effectiveness in view of the new kinds of problems presented by cunning malicious actors in cyberspace.”

This may be true, but these measures will only work if companies, and agencies, actually put them in place. Organizations that drag their feet on security are taking a real risk. Yep, open source Java tools. No problem, right?

Cynthia Murrell, December 16, 2021

Comments

Comments are closed.

  • Archives

  • Recent Posts

  • Meta