Bringing DevOps Speed, Efficiencies and Benefits to Cybersecurity

My biggest take-away from over two decades in cybersecurity? The most elegant solution are ones that are simple to implement, have an element of automation and are easily incorporated into existing activities seamlessly. With digital innovation leading to accelerated and automated DevOps, one of the most important things we can do to reduce risk in the enterprise is to begin to incorporate cybersecurity into enterprise CI/CD pipelines. Now, as breach attack simulation and automated purple teaming becomes strategic to reducing risk and optimizing security controls in a continuous security validation fashion, these offensive testing techniques can be incorporated as well. For cybersecurity managers and business leaders, adoption of these solutions means they know what portions of their cybersecurity investment to keep and what to get rid of. Their spend is optimized. They can effectively measure, explain, and reduce cybersecurity risk. For cybersecurity practicians, when done right, these solutions allow you to optimize your security controls, your incident response processes, and train your personnel.

In adopting both technologies there are four key caveats in best practice adoption:

  1. Ability to utilize existing cyber workforce: With a large global shortage of highly skilled cybersecurity professionals the solution must be useable and accessible to a wide array of skill sets.
  2. Adopted in a continuous security validation manner: The platform must be updated daily, automatically, and capable of being run in a continuous security validation fashion.
  3. Actionable intelligence updated constantly: Since threat actors change and evolve daily, there are inherent needs for these solutions to make new intelligence immediately actionable by adding new tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to the solution when discovered.
  4. Comprehensiveness: These solutions must be able to test in production safely using real workloads and real tests across all stages of the kill-chain. It needs to include reconnaissance checks of enterprise against darknet and Internet INT and OSINT. It must include phishing campaigns against the enterprise staff. Attacks must include pre-exploit and post exploit and be able to work across your entire environment from legacy premises, virtualized, cloud, SaaS, and containers.

Incorporating into the CI/CD Pipeline

The main tool of someone in DevOps is to utilize play books. Whether Chef Puppet or Ansible, these play books provide seamless integration automation allowing entire environments and thousands of servers to be implemented in a matter of a few mouse clicks. Cymulate’s well documented API set means the DevOps professional can easily create in a CI/CD pipeline image, spin it up, and test it against thousands of the most recent attack tactics, techniques, and procedures (TTPs) and indicators of compromise (IoCs). Based on the resulting rating, the DevOps professional can easily make a go/no go decision on whether that image becomes implemented into production or whether it returns to the development environment for increased tuning. The Cymulate solution, which ties into hundreds of security control solutions, not only provides prescriptive, easy to follow remediation advice on how to shore up security controls but executive summary reports as well.

For the article, Cybersecurity Researcher Michael Loffe and I ran an image build using Jenkins, the well-known, free, and open-source automation package. In Example Image 1 below, as part of the Jenkins build, we added an assessment to check against Cymulate’s Purple Team module being pulled up via REST API key looking for a 40% or better success rate percentage to give the build a passing grade.

Example Image 1

cymulate_Image_1.png

In the initial run we see the test image spun up and was tested against Cymulate’s Purple Team module. Looking at the Console Output, the score is greater than the 40% success rate threshold and the build received a failing grade and was returned for better tuning to be tested again. (See Example Image 2).

Example Image 2

cymulate_Image_2.png

This example is elegant, simple, and only adding 3.5 seconds to the build time — adoptable. By incorporation into any DevOps CI/CD pipeline we can add purple teaming tests that will result in tighter image and third-party security controls while keeping the speed and simplicity intact. Subsequent runs of the tests after controls were tightened show risk was ameliorated to an acceptable level and that the workload is pushed it to production. By accomplishing this we have incorporated purple teaming into the shift left, CI/CD pipeline. Digital innovation with all its speed and agility CAN be accomplished hand in hand with cybersecurity.

One of the newer players in the field Cymulate is already one of the largest. In a third-party comparison of vendors, Cymulate won Frost & Sullivan’s Best Practices in Global Breach and Attack Simulation scoring first in innovation and second in business expansion and market share.

For more Information, visit www.cymulate.com and register for a Free Trial.

Dave_Klein-cymulate.jpg

Dave Klein is the Director of Cyber Evangelism for Cymulate. With more than 21 years of real-world cybersecurity experience, he works with Cymulate teams, customers and industry thought leaders to address the challenges of securing modern enterprise environments. Dave’s long career includes working on the NIST response to President Obama’s Policy Directive 21 on Critical Infrastructure Security and Resilience, leading some of the largest sales engagements for US Federal security solutions, and working with the City of New York post 9/11, helping shore up defenses.

Note: This article have been indexed to our site. We do not claim ownership or copyright of any of the content above. To see the article at original source Click Here

Related Posts
State-sponsored Chinese crims targeted India with tax and COVID phishing thumbnail

State-sponsored Chinese crims targeted India with tax and COVID phishing

Blackberry's Research and Intelligence Team has uncovered three phishing schemes targeting Indian nationals, and says a Chinese state-sponsored malware gang is the culprit. Blackberry identified the responsible party as APT41 – a prolific Chinese state-sponsored cyberthreat group that has carried out what Fireye called "espionage activity in parallel with financially motivated operations" since at least…
Read More
Oppo Reno6 5G in review: High-quality mid-range smartphone thumbnail

Oppo Reno6 5G in review: High-quality mid-range smartphone

Oppo Reno6 5GMediaTek Dimensity 900, Mali-G68 MP4, 8192 706 Points ∼62% Samsung Galaxy A72Qualcomm Snapdragon 720G, Adreno 618, 6144 555 Points ∼49% -21%OnePlus Nord 2 5GMediaTek Dimensity 1200, Mali-G77 MP9, 12288 809 Points ∼71% +15%Sony Xperia 10 IIIQualcomm Snapdragon 690 5G, Adreno 619L, 6144 590 Points ∼52% -16%realme GT 5GQualcomm Snapdragon 888 5G, Adreno 660,…
Read More
小米12国际版在Geekbench上被发现 运行Android 12系统 thumbnail

小米12国际版在Geekbench上被发现 运行Android 12系统

根据最新出现的Geekbench跑分数据列表,小米12的全球版本可能带有一个2201123G的型号。该列表显示了一个8GB内存的版本,同样采用骁龙8代芯片组,与中国的机型类似。运行的是Android 12系统,很可能上面同样运行有MIUI。但我们不确定这是否意味着小米12会在近期开始全球销售,预计需要再等几周才能确定。小米12的全球版本在运行Geekbench 5.4.4时拿下了711的单核分数和2834的多核分数,这款机型采用6.28英寸FHD+AMOLED屏幕面板,提供120Hz刷新率,由大猩猩玻璃Victus保护,三个后置摄像头,包括一个5000万像素的主传感器,一个1300万像素的广角单元,以及一个500万像素的微距传感器。这款手机还配备了一个3200万像素的自拍相机,以及一个支持67W快速充电的4500mAh电池。
Read More
TOGG uluslararası ödüle layık görüldü! thumbnail

TOGG uluslararası ödüle layık görüldü!

Yerli otomobil TOGG' uluslararası bir ödüle layık görüldü. TOGG Tüketici Elektroniği Fuarı CES 2022'nin (Consumer Technology Association) en iyi 20 markasından biri seçildi. 28.01.2022 13:00 28.01.2022 13:00 Yerli otomobil TOGG resmi twitter hesabından yaptığı paylaşımla ilgileri üzerine topladı. TOGG hakkında "Sektörünün saygın yayını Exhibitor, 2 bin 300 katılımcı arasından CES'in En İyi 20 Markası'ndan biri…
Read More
Index Of News
Consider making some contribution to keep us going. We are donation based team who works to bring the best content to the readers. Every donation matters.
Donate Now

Subscription Form

Liking our Index Of News so far? Would you like to subscribe to receive news updates daily?

Total
0
Share