The best way to evaluate your security program is to actively test it. Considered, thoughtful attacks yield better team defense. That said, two of the (many) downsides of sporadic red-team testing is that it only captures a specific moment in time and there is no true education function. The red team doesn’t carry the obligation to improve corporate defense, and so without proper guidance the blue team will continue to struggle. To combat this disconnect, security organizations should consider a different approach. When used in conjunction with traditional red-team testing, an Active Cyber Defense (ACD) managed service strategy can achieve a much more effective internal response to both red-team testing and actual outside threats. A healthy ACD approach should include evergreen cyber risk assessment services that stay relevant to ongoing and evolving threats. Framing the service in either a NIST (US Government), CIS (Center for Internet Security) or a client-customized (probably the right answer) controls architecture will ensure that the program stays in line with the latest controls.
Once implemented, the program measures the client’s security program maturation and creates a mechanism to tune the ACD direction in-flight. Success of an ACD program depends on a deeper integration with the organization’s internal security operations team. To best empower the internal team, ACD utilizes intentional, iterative, progressive red- team tactics. The goal is not to merely find vulnerabilities, but also to work hand-in-hand with the internal security operations team to remediate them, verify they are no longer a threat, and then find more. This creates an ongoing red team exercise, where the attacker’s sole goal is to cooperatively improve enterprise cyber defense. For more on the service see our ACD White paper on Active Cyber Defense SOC Maturation Services by Mosaic451