The extent to which the benefits are maximized and the risks mitigated will depend on the quality of governance — the rules, norms, standards, incentives, institutions, and other mechanisms that shape the development and deployment of each particular technology. Too often the debate about emerging technologies takes place at the extremes of possible responses: The real challenge lies in navigating between these two poles: This task is becoming more pressing as technological change deepens and accelerates, and as we become more aware of the lagged societal, political and even geopolitical impact of earlier waves of innovation.
Three Emerging Technologies to Accelerate Incident Readiness By Ashley Arbuckle on July 12, Tweet Purple Teaming is a Boon to Incident Readiness and Response Cyber risk is now widely recognized as one of the top business risks globallyand executives are asking their security leadership what they can do to be better prepared and mitigate this risk.
Dusting off that incident response plan when something happens is far from adequate. Organizations need strong incident response capabilities but also incident readiness. To hone their skills, security teams are turning to various exercises designed to help them better anticipate threats and practice their response.
One of these exercises is Purple Teaming. Instead of an extended war game, Purple Teaming is collaborative and iterative. It brings the Red and Blue Teams together through a more informed and continuous process designed to help the defenders actively get better at mitigating risk from real-world, highly sophisticated attacks.
The attack force informs the defense force of the planned attack, executes it, explains the security gaps it took advantage of, and then rewinds so that the defenders can immediately refine their response.
The Purple Team model is designed so that organizations can improve their security posture throughout the exercise to capture immediate and ongoing value.
But still, participants often rely heavily on manual methods to execute and defend against attacks. This limits what you can accomplish when resources are tight — both time and budget.
However, what if you could use technology to increase the frequency and depth of these exercises to gain even more value, faster? These three technologies are emerging as innovative ways to automate and fine-tune Purple Team activities. With an analytics platform that provides a very detailed, informed view of what the attack landscape looks like, you gain an even clearer picture of the risks your organization faces, faster.
By automating reconnaissance and some of the attack mapping, this technology allows you to quickly understand the critical assets and the associated threat models.
For example, with an inventory of everything on your network, including versions and patch levels, you can correlate that information to public threat and vulnerability databases to quickly generate a list of potential vulnerabilities on the network.
Red Teams can use this information to develop more mature and sophisticated attack scenarios, and Blue Teams can use this information to address security gaps more quickly. Developed years ago, earlier iterations of application performance management APM tools were cumbersome and lacked detail.
Providing views into the objects and methods used in an application, the data flow, and where data is being processed, you can understand the weak points that attackers may use to their advantage.
Off the radar and long forgotten, these pages are a soft spot that attackers look for and many times vulnerable. APM tools can automatically perform reconnaissance to reveal and add this level of detail to Red Team threat modeling and provide security analysts on the Blue Team the insights they need to strengthen defenses.
Automating much of the activities a Red Team would do, this new technology does the heavy lifting of emulating attacks on your network to test incident readiness.
It can be used by the Red Team to rapidly target activities, such as emulating a specific type of ransomware campaign or the latest denial of service DoS attack in the headlines.
The Blue Team can learn if their layers of defenses are working as intended, identify true cybersecurity gaps, and determine how to make the best use of the resources they have and where to prioritize investments.
Purple Teaming is a boon to incident readiness and response. To continue to hone its effectiveness, we need a blend of the right people, process, and technology to enable forward thinking, security analysis techniques.
These emerging technologies are just a handful that you can use to gain the visibility and automation necessary to get more from your incident readiness and response efforts.
Arbuckle started his career in security consulting at PwC working with Fortune customers.
Previous Columns by Ashley Arbuckle:Policy Horizons Canada worked with futurist and data visualizer Michell Zappa of Envisioning to produce a report called MetaScan 3: Emerging Technologies and accompanying nationwidesecretarial.com are.
Shoof connects and transports data from your assets to the cloud in a reliable, secure, scalable and low-cost manner. Building upon advanced wireless technology with edge intelligence, the Shoof solution combines this low-cost infrastructure with flexible cloud data access and a .
Ubiquitous sensing enabled by Wireless Sensor Network (WSN) technologies cuts across many areas of modern day living. This offers the ability to measure, infer and understand environmental indicators, from delicate ecologies and natural resources to urban environments.
5 Emerging Technologies Making Their Way into the Mainstream Tomorrow's technology will enhance citizen services while improving how government functions. Now is the time for other stakeholders, including government at all levels, to encourage and promote 5G deployment in order to make this future our shared reality.
Movies & TV Movie Accent Expert Breaks Down 28 More Actors' Accents. Dialect coach Erik Singer once again analyzes the accents of some of Hollywood's biggest names.