Blog
Leveraging BAS and MITRE ATT&CK for Threat-Informed Defense
Read More
Now that endpoint detection and response (EDR) solutions have become standard, it’s time to look at what’s next. In light of the ever-increasing attack surface, rampant proliferation of ransomware, and continued remote work environments, security leaders must proactively find new and innovative tools to protect endpoints from attack.
The Gartner Hype Cycle for Endpoint Security, 2023 “illustrates the most relevant innovations in the endpoint security space to assist security leaders in planning adoption and implementation of emerging technologies.” “The Hype Cycle for Endpoint Security tracks developments that help security executives defend their companies. Two tendencies occur when technology evolves:
- New endpoint technologies include endpoint access isolation, endpoint-agnostic workspace security, and endpoint protection toolset integrations and upgrades.
- Net new security investments may focus on new technologies and suppliers since most purchasers consolidate vendors.”
“Endpoint security innovations focus on faster, automated detection and prevention, and remediation of threats powering integrated, extended detection and response (XDR) to correlate data points and telemetry from solutions such as endpoint, network, web, email and identity. Methods to provide lightweight, secure remote access remain in demand driving desktop as a service (DaaS) and endpoint and browser isolation for increased control and security posture. We see continued adoption of zero-trust network access (ZTNA), increasingly as a part of security service edge (SSE) or a wider secure access service edge (SASE).”
BAS is a highly automated solution that leverages the tactics, techniques, and procedures (TTPs) used by malicious actors to safely run real-world attacks against production applications and infrastructure in an organization’s own IT environment to proactively test security control efficacy. To accomplish this, simulators are deployed in different areas of an organization’s network to facilitate attack execution. Users can then continuously run attack scenarios to monitor whether the organization’s security controls effectively detect, prevent, and mitigate the attacks. BAS platforms will aggregate simulation results in the form of visualizations, dashboards, and reports that provide insights on security posture and resilience.
According to Gartner, “BAS allows organizations to validate the impact of what attack surface assessments and security posture management tools indicate as potential exposure to a specific threat. Organizations can continuously execute these assessments to gain more frequent visibility on a larger percentage of their assets. They can evaluate the efficacy of their security controls and discover attack paths leading to their most critical assets, allowing them to prioritize remediation.”
SafeBreach offers the industry’s most comprehensive BAS solution that continuously simulates real attack scenarios to test the efficacy of an organization’s security ecosystem, identify security gaps, and link them with the potential business impact, so organizations can prioritize and remediate them effectively. Today, most organizations’ understanding of their level of security is based on limited, point-in-time snapshots. SafeBreach offers a new approach–continuous validation that empowers organizations to get proactive about security and replaces hope and fear with real-world data and real-time action.
Gartner provides the following user recommendation: “Integrate BAS in a cybersecurity validation roadmap, as part of a continuous threat exposure management (CTEM) program. Don’t run BAS in isolation.” This is also what SafeBreach has found best works with the customer. SafeBreach provides reports that CISOs and IT professionals can use to educate C-level executives and board members on their security posture and level of risk. In addition, the SafeBreach Security Posture Optimizer ensures that results are actionable and progress can be tracked over time.
Gartner, Hype Cycle for Endpoint Security, 2023, Franz Hinner, Satarupa Patnaik, Eric Grenier, Nikul Patel, 1 August 2023
GARTNER and HYPE CYCLE are registered trademarks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
