- A security official at CISA recommends organizations improve their defenses by continually validating their security program.
- CISA and the Center for Threat-Informed Defense stated that most threat actors rely on known vulnerabilities in their attacks.
- CISA is making the recommendation in collaboration with the Center for Threat-Informed Defense, a 29-member nonprofit organization formed in 2019.
US and international agencies published guidance that advises organizations to improve their defenses by continually validating their security program against known threats, instead of taking a more piecemeal approach. The officials stated that automated threat testing is not very widespread. Also, some organizations do not follow through after deployment and assume that these tools are doing the job.
Exploiting old vulnerabilities
CISA and the Center for Threat-Informed Defense have previously stated that automating security controls will make it easier for organizations to stop threat actors from relying on established tactics. According to the CISA official, some of the most notorious threat actors are still exploiting vulnerabilities that are up to 10 years old and older.
Various cybersecurity companies offer breach and attack simulations along with other security validation services, but CISA said that the agency is agnostic about which vendor companies should prefer. Martin Petersen, the chief information security officer at ISS A/S, said that after a ransomware attack, he convinced the organization to start automated testing and signed a three-year contract with AttackIQ, a founding member of the Center for Threat-Informed Defense.
Petersen said that, as a result of continuous testing, the company had improved tamper protections for its 60,000 endpoints, which made it harder to deactivate the malware protection, and had fixed Windows configurations and firewall settings.