Reducing Exposure Time with Breach Simulations
Last Wednesday, Chipotle Mexican Grill disclosed that it detected unauthorized activity on the payment-processing network that supports its restaurants. This follows similar breach announcements from Yahoo!, Atlassian, InterContinental Hotels Group, and many many others.
As painful as something like this is, Chipotle has done a fantastic job handling this breach once it was detected: it notified the authorities and payment card processors, it contained the breach and took additional measures to reduce the changes of future breaches and it issued a press release to notify its customers and shareholders.
While we have to tip our hat to how well Chipotle dealt with this crisis, what troubles me is that it took Chipotle almost four weeks to identify the breach.
To make things even worse, I find myself wondering how long Chipotle was exposed to the issue that led to the breach, without noticing or taking action to remediate the issue.
Talking to CISOs, and especially smart, forward-looking CISOs, I usually hear that reducing the exposure time is one of the major problems they deal with. As one CISO I talked to put it: "Mistakes are bound to happen. Someone will always misconfigure a solution or accidentally setup something incorrectly when deploying a security control.
This leads to exposure of getting breached. Usually, once my team finds out about an issue like this, they make sure I learn about it within minutes and they usually fix it within a couple of hours. The real problem is - it usually takes my team 2-3 months to identify the issue to begin with".
And that is exactly the problem.
How can smart security organizations shorten their exposure time knowing that these mistakes are bound to happen?
Usually, the best way to identify exposure to these sort of risks includes penetration testing or using a in-house red team. However, these are manual processes and they simply cannot test everything fast enough to reduce the exposure time to minutes or even hours.
The only real solution to this problem is continuous security validation using breach simulations. Security organizations need a solution that tests their exposure continuously and automatically and can alert on changes to the security posture in real time.
Continuous security validation solutions, like SafeBreach, allow security teams to do what they do best - take action and fix the issue before it becomes an actual breach.