Intro
VMGroup have partnered with Cymulate to provide Cymulate Continuous Security Validation to our clients. Cymulate enables companies to challenge, assess and optimize their cyber-security posture against the evolving threat landscape, simply and continuously. This is important for our clients as the threat landscape is forever evolving.
The platform provides out-of-the-box, expert- and threat-intelligence-led risk assessments that are simple to use for all skill levels and constantly updated. It also provides an open framework for ethical hackers to create and automate red and purple team exercises and security assurance programs, tailored to their unique environment and security policies. Cymulate is built for security professionals who want to know and control their dynamic environment.
How It Works
Cymulate security validation combines assessments of outside-in reconnaissance, security awareness, infrastructure resilience and security control validation in one platform. Cymulate provides security scoring and actionable remediation guidance for all the following domains:
Outside-in reconnaissance – the Recon vector provides continuous and quantitative technical analysis and scoring for public-facing digital assets and discovers organizational and credential intelligence that a hacker can use in an attack.
Security awareness – the Phishing Awareness vector provides all the resources to create an internal phishing campaign to identify employees who are susceptible to phishing attacks.
Security control validation – Cymulate enables you to orchestrate simulated attacks that validate email, web, web-application, endpoint and DLP security controls either individually or by simulating the flow of an APT across the full attack kill-chain. Out-of-the-box scenarios make it simple for you to launch assessments. The platform is updated daily with new threats, attacks and adversarial tactics and techniques for you to validate the current effectiveness of your security controls against emerging threats.
Infrastructure resilience – the Lateral Movement vector emulates a hacker that has gained an initial foothold in your company’s network and moves laterally in search for valuable assets. It applies hacking tactics and techniques to uncover infrastructure misconfigurations and weaknesses. Cymulate decouples infrastructure lateral movement validation from endpoint security validation (worm malware) so that each vector can be measured and optimized independently.
Red/Purple team automation – the Purple Team module is an open framework for the creation and automation of custom attack scenarios. The module leverages the MITRE ATT&CK® framework extensively, enabling security teams to create both simple and complex scenarios of atomic, combined, and chained commands. The module includes a vast library of commands and tools and a growing library of assessment templates. Customers can create, upload and customize commands, tools and payloads and create their own templates. Custom scenarios can be used to exercise incident response playbooks and proactive threat hunting, and to automate security assurance procedures and health checks.
Cymulate continuous security validation is safe to run in the production network and will not disrupt business operations. It is automated and can be performed on demand or continuously. Cymulate is simple to deploy: it requires an agent installed on one standard corporate endpoint, preferably a dedicated machine, and an Active Directory (AD) user account. A typical setup takes less than an hour. The external-facing vectors, WAF and Recon, do not require an agent.
Call our Team today to discuss the platform further and to determine if this suits your needs.
Objective of CTEM Program
Organizations are ready to evolve existing vulnerability management programs but lack a structured workflow to implement all of the steps of Continuous Threat Exposure Management (CTEM). To begin implementing the CTEM framework, a revised set of objectives and a new workflow are required.
A Continuous Threat Exposure Management (CTEM) program is a set of processes and capabilities that allow enterprises to evaluate the accessibility, exposure and exploitability of an enterprise's digital and physical assets continually and consistently.
Every CTEM cycle must include five steps to be completed: scoping, discovery, prioritization, validation and mobilization. Organizations that are constructing a CTEM program can utilise tools to catalogue and classify assets and vulnerabilities, simulate or test attack scenarios, and run other forms of posture assessment processes and technologies. It is important that CTEM programs have effective and actionable paths for infrastructure teams, system owners and project owners to take action on findings.
CTEM is cyclical. CTEM processes may be triggered by external factors, such as new business initiatives, organizational changes or newsworthy attack techniques. However, these factors may not necessarily start with the first step of the CTEM cycle. In addition to the prioritization of vulnerabilities and remediations, an organization should receive tremendous value in learning both positive and negative lessons from going through the CTEM stages.
A CTEM program should be the first step in identification and planning for resolution. It requires cross-team collaboration and federation of responsibilities and accountability, particularly where the assessment, tracking, management and remediation of exposure is shared between the participants in the process. For example, security operations can be in charge of assessing, tracking and managing exposure, while infrastructure and operations teams and enterprise architecture functions are responsible for acting on it. One of the main benefits of running a CTEM program is the more structured and repeatable workflow.
Remediation is usually difficult to achieve, as security leaders must first mobilize their teams and ascertain if the resolution to an issue may result in creating friction or other issues with operational business functions. This is what makes the CTEM program necessary as it enables treatments and security posture optimization that goes beyond traditional patching, signatures and playbook outcomes. This allows for optimization capable of maturing independently from the CTEM program.
CTEM Is Not a Tool, It’s a Program
A multifunction platform spanning multiple components of the framework has its virtues, but the purpose of the platform will influence its design. An attack surface dashboard from an attack simulation or penetration testing platform will aim at quickly pivoting to the testing component. The same dashboard from a vulnerability prioritization technology (VPT), external attack surface management (EASM) or digital risk protection service (DRPS) product will focus on setting up priorities for remediation.
Organizations in the process of starting their cybersecurity mesh architecture (CSMA) journey will recognize a shared philosophy. As the CTEM program matures, it becomes a key source for the security intelligence layer of the CSMA design.
A CTEM program might use results from automated assessment technologies, but it is important to reiterate that piling up assessment reports or simply buying a consolidated platform promising to "do it all" will be insufficient. The history of security operations teaches us that relying solely on tools creates inevitable diagnostic fatigue and lacks the business context needed for relevant prioritization or successful remediation.
Benefits and Uses
A CTEM program is one part of a comprehensive set of security and risk management programs, aligned with different time horizons and objectives:
- Survive breaches — Detecting and responding to attacks requires near-real-time action capabilities. This is the responsibility of security operations teams focused on defensive approaches (“blue team”) and is outside of the scope of CTEM, but can be enriched by the knowledge gained from a CTEM program.
- Minimize risks — This rarely happens in real time. Business constraints might prevent the implementation of a “quick fix,” and for most organizations, there are simply too many pending issues. That’s why the CTEM program helps prioritize risk reduction actions and optimize resource usage.
- Improve resilience — Requires long-term investments and design thinking that might take years to implement. The CTEM program might better inform the overall strategy.