Technology is changing, and the security strategy needs to change with it
We are living in an age of unprecedented digital transformation. In the last 18 months, we’ve witnessed changes which might have seemed impossible only a few years ago. The global pandemic has forced many companies to enable remote work on a massive scale and migrate to the cloud for their own survival. As Microsoft CEO Satya Nadella said early in the pandemic, “we have seen two years of digital transformation in two months.”
That’s just a small stretch of an ongoing evolution. The last few decades have given birth to technologies like the Cloud and the IoT, which have been enthusiastically adopted and have become daily features of enterprise IT. The upcoming technological advances promise more change to come.
Enterprise IT has changed. We can no longer think about security in the way we once did. The modern digital enterprise is constantly evolving: its architecture is complex, its attack surface is scattered, its assets are dispersed and its security infrastructure cannot keep up.
A new threat emerges
Threats have transformed too. Attackers are increasingly finding ways to work their way around firewalls, perimeter-based defences and rules-based antivirus engines. A recent study by MIT Technology Review predicts that Artificial Intelligence will soon be a regular feature of cyberattacks. Attackers, the study predicts, will use it to launch autonomous assaults on an unprecedented scale as well as increase ransomware and phishing campaigns.
For decades, governments, militaries and private businesses have used Red Teaming to test their digital security systems against potential threats. These simulations have become a central part of defending against current and future dangers. In fact, simulating attacks on digital infrastructure is the only way to find out how well prepared one is for a real attack.
However, the large majority of Red Teaming practices don’t come close to simulating, or defending against, the reality of modern threats. Such tasks are expensive and they cannot comprehend the full scope of what they're trying to defend. Many Red Teaming practices are seen as a box-ticking exercise or carried out only after a breach has been suffered. Often, companies only test occasionally because they either don’t have the internal expertise or find the practice prohibitively expensive.
Gartner notes that most organisations only carry out red team exercises annually or on an ad hoc basis. Given the current pace of digital transformation, this is vastly inadequate, as a large number of vulnerabilities, breaches or compliance violations can and unfortunately do emerge during that time.
Autonomous event-driven testing
Cybersecurity talent is in short supply, security teams are weighed down with intrusive tools which cannot offer the right insights, and digital transformation is opening up new risks while threats evolve past our ability to defend against them. It’s this new landscape which Hadrian wants to confront: one which is shifting faster than many can map or secure.
The key to success here is event-driven scanning. Many organisations schedule scans of their infrastructure on a weekly basis, but these don’t get to the root of the problem. They waste resources by scanning assets that haven’t changed, and they miss the assets that do change when those changes last less than the interval between scans. At best it’s inaccurate and too frequent and at worst it can be fatal.
This is where event-driven scanning makes its mark. It does not scan based on some arbitrary CronJob, but when things actually happen. That means that any time a change is detected on a digital asset, Hadrian will run the relevant tests to see if it is still secure.
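The difference between the two approaches can be made concrete with a small simulation. This is an added example, not Hadrian's code: the asset names, change timeline and function names are constructed, and the event-driven model assumes every change is reported without delay.

```python
from dataclasses import dataclass
from typing import Optional

WEEK = 168  # hours between scheduled scans (weekly, as in the text)

@dataclass(frozen=True)
class Change:
    asset: str
    start: int            # hour the change went live
    end: Optional[int]    # hour it was reverted; None = still live

# Constructed sample data: four assets observed for four weeks.
ASSETS = ["www", "api", "vpn", "staging"]
CHANGES = [
    Change("api", 20, 30),         # live for 10 hours, between two scans
    Change("staging", 200, None),  # goes live and stays live
    Change("vpn", 300, 400),       # live across the scan at hour 336
]
HORIZON = 4 * WEEK

def event_hours(change):
    """Hours at which this change altered the asset (go-live, revert)."""
    return [h for h in (change.start, change.end) if h is not None]

def scheduled(assets, changes, horizon, interval=WEEK):
    """Scan every asset at each tick. Returns (scans, wasted, missed, delays)."""
    ticks = list(range(interval, horizon + 1, interval))
    scans = len(ticks) * len(assets)
    wasted = 0  # scans of assets with no change event since the previous tick
    for t in ticks:
        touched = {c.asset for c in changes
                   if any(t - interval < h <= t for h in event_hours(c))}
        wasted += len(assets) - len(touched)
    missed, delays = [], {}
    for c in changes:
        live_at = [t for t in ticks if c.start <= t and (c.end is None or t < c.end)]
        if live_at:
            delays[c.asset] = live_at[0] - c.start  # hours exposed before a scan saw it
        else:
            missed.append(c.asset)  # never live at any scan tick
    return scans, wasted, missed, delays

def event_driven(changes):
    """One scan per change event, run when the event is reported.
    Assumes every change is reported with no delay (idealised)."""
    scans = sum(len(event_hours(c)) for c in changes)
    return scans, 0, [], {c.asset: 0 for c in changes}

if __name__ == "__main__":
    print("scheduled   :", scheduled(ASSETS, CHANGES, HORIZON))
    print("event-driven:", event_driven(CHANGES))
```

On this timeline the weekly schedule spends 12 of its 16 scans on assets with no change event and never observes the 10-hour change on `api`, while the event-driven model runs 5 scans and observes every change.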
How we do it
Once integrated into security systems using APIs and webhooks, Hadrian’s platform carries out three separate steps to assess a client’s security.
Exploration: Hadrian first maps all of the digital assets within a client's infrastructure including cloud, third party servers and everything outside of the traditional network perimeter.
Testing: Hadrian continuously deploys thousands of tests to find weaknesses, vulnerabilities or exposures. When it detects a change, it autonomously performs the relevant scans and verifies that the change has not opened up new weaknesses in the environment.
Interpretation: Hadrian uses ML modelling to interpret the risk of those potential weaknesses and flag critical issues.
This process allows clients to see the changes in their digital infrastructure that expose them to attacks. The platform thus improves the digital security of its clients as they digitally transform. At the same time, Hadrian constantly evolves and integrates new tools and practices as its analytical dataset grows.
Technology has changed and defenders need to adapt
Organisations need to adopt different security strategies to keep pace with their ambitions and the threats arrayed against them. Hadrian is building an autonomous platform that adapts to digital transformation, provides proactive security insights and offers a hacker’s viewpoint on the ever-evolving modern enterprise.