This year will be the biggest test to date for security organizations. With a rapidly changing threat landscape, sprawling attack surfaces with remote workforces, and exponential growth in ransomware attacks, organizations of every size are revisiting their security priorities to ensure business continuity.
And the list goes on.
Our goal is to take a clear-eyed look at the state of security in 2022 and build confidence in our security postures. According to the Merriam-Webster Dictionary (sorry, I know I should have used the Oxford English Dictionary), confidence is defined as:

con·fi·dence | \ ˈkän-fə-dən(t)s, -ˌden(t)s \
For our purposes, I want to focus on the second definition, “a feeling or belief that someone or something is good or has the ability to succeed at something.”
Almost every IT function uses the same basic concept of having a staging area, or sandbox, to conduct testing and development work and then push things into production. For security teams, it’s equally important to test and validate the entire tech stack. According to the Gartner 2021 CISO survey, “78% of CISOs have 16 or more tools in their cybersecurity vendor portfolio, with 12% of CISOs having 46 or more tools.” Getting all of these products optimized and working in concert is not a trivial task and is one of the many things that makes a CISO’s life challenging.
Adding a cyber range to create a full-stack security development environment is one of the best ways to achieve a high level of cyber confidence and protect your organization and people.
For those of you who say, “wait, that looks like a DevOps model,” you are not wrong. We believe that in 2022, security leaders should apply the same model to drive continuous improvements in strategy, engineering, optimization, training, validation, compliance and integrations within production environments.
In this new security model, production environments are dynamically cloned on a cyber range so you can:
One of the key tenets of the scientific method is to change one variable and then assess the results before moving to the next step. In complex systems, making any change comes with an inherent risk. Will a change in one part of the system impact another part of the system? As an example, let’s look at how a cyber range-based security development life cycle can help you build confidence in your next Zero-Day patch deployment.
Now let us consider the ever-recurring Zero-Day event. Good vendors will respond promptly and provide you with a “tested” patch when those events occur. However, vendors often provide patches that have been tested together. This is one of the primary reasons for adding a cyber range to your arsenal of security weapons. A few hours of testing against the cause of the Zero-Day on a range will let you see how all the patches work together. You will be able to export this data to your SIEM for more in-depth analysis and ensure the fixing of one problem does not cause others.
According to a recent article in Dark Reading, nearly 60% of breaches are caused by patching issues. These breaches can occur because patches are not applied, because applications cannot be updated at a given time, or because of compatibility or other issues. It seems simple to those outside of security teams: the patch is there, just install it. However, those inside security and applications environments know it is not that simple.
This is one of the primary reasons to add a cyber range. It will lessen the pressure to “patch and pray” and enable your security and application teams to “know before they go.” We all know the old adage, “An ounce of prevention is better than a pound of cure,” or as my shop teacher told me, “measure twice, and cut once.” Whichever analogy jumps to mind for you, we all know having the right tools to test before we deploy will raise our confidence that we are doing the right thing for our teams and organizations.
It's easy to write a blog, but more difficult to run a security team with confidence. Our customers include the US Cyberdefense Command, which must constantly fend off well-funded and organized criminals and nation-state threat actors. Five of the top 10 banks trust us to power their threat intel and incident response functions. We experience the same security challenges alongside you every day, have the same operational demands and fight the same fight as you. We don’t just recommend the cybersecurity development life cycle, we live it and use it daily. In this series, we will share what we, our partners and our customers experience.
Want to learn more about how SimSpace can help you build confidence in your teams, technologies and processes? Click here to request a demo.