Vulnerability fatigue and continuous security testing are an unlikely pair. One is about getting worn out with the endless barrage of security alerts and warnings. The other is about the ceaseless evaluation of security controls. Many would think the latter cannot be the solution to the former, as it is likely to induce more fatigue.
A report from CCS Insight says that, on average, organizations with more than 1,000 employees use around 70 security products from 35 different vendors. This inevitably results in the generation of tons of security information most security teams are unable to keep up with. At some point, they just start to not care about these alerts anymore, mostly because they know they will not be able to address everything or even the majority of them. Even when they manage to cover a lot of them, they know there are crucial notifications they are bound to miss because of the sheer volume.
A study by ESG shows that around 44 percent of security alerts go uninvestigated. This is primarily because of the shortage of the cybersecurity workforce and the multitude of security solutions used, which contribute to the production of massive amounts of cybersecurity information.
Continuous Security Testing as a Solution
Automated continuous security validation is a cybersecurity strategy that aims to confirm that an organization’s existing security controls are working as designed. As the phrase suggests, it is a continuous process of verifying the effectiveness of an organization’s security posture, rather than a periodic or occasional one. It may employ artificial intelligence or machine learning to make repetitive processes more efficient and to accelerate the analysis of security information, categorizing data and presenting it in an easier-to-digest form.
Certainly, continuous security validation is impractical if done manually. It would be extremely expensive to hire a team to endlessly evaluate the state of an organization’s dozens of security controls. There’s an ongoing scarcity in the cybersecurity workforce, so hiring multiple teams to work in alternate schedules is out of the question. Organizations would have to turn to automated solutions that also take advantage of artificial intelligence.
Automated continuous security validation is capable of testing controls repeatedly and with updated or enhanced parameters as needed. It then reports the most important details to the cybersecurity team for rapid response. It consists of different tools and strategies such as breach and attack simulations, continuous red teaming, and advanced purple teaming, which are designed to boost security visibility while facilitating security optimization and ensuring prompt responses to the detected threats.
Also, automated continuous testing can make use of user and entity behavior analytics (UEBA) to address specific threats such as the abuse of user privileges, data exfiltration, insider threats, and compromised entities. It gathers and analyzes logs and alerts from various data sources to establish behavioral profiles considered as normal and detect those that deviate from the baseline. UEBA empowers cybersecurity teams to significantly reduce not only the false positive alerts but also the false negatives.
Moreover, continuous security testing also takes advantage of globally accessible cybersecurity frameworks such as MITRE ATT&CK to tap into the latest threat intelligence and insights on the most recent adversarial tactics and techniques. These frameworks make it easy to identify, stop, and mitigate the impact of cyber threats.
Non-Fatiguing Continuous Security Validation
How does continuous security validation become a solution to the problem of cyber vulnerability fatigue? Does it not aggravate the issue with its unending nature and tendency to also generate large amounts of security information? It may sound ironic, but continuous security validation is an effective way to address vulnerability fatigue.
For one, automated continuous security validation reduces the number of vulnerability alerts the security team has to attend to. Through machine learning, a significant fraction of security notifications are automatically addressed whenever possible, and the rest are ranked or prioritized based on their urgency. Cybersecurity analysts do not have to go through all notifications. This system makes it faster for them to deal with the most urgent concerns while having an organized approach to addressing the rest of the security alerts.
Another benefit of automated continuous security validation is the idea of adversarial validation, which is a big leap over legacy systems. Legacy systems lack the ability to conduct reconnaissance, sniff, spoof, crack, harmlessly inject malware, move laterally, escalate privileges, and exfiltrate data. In contrast, continuous validation platforms safely emulate real adversarial actions against the organization’s exposures to determine which weaknesses to prioritize, presenting a precise assessment of its security posture and cyber resiliency.
Legacy systems are good at finding vulnerabilities, but that’s all they do. They cannot differentiate threats as serious, urgent, benign, or other classifications that make more sense to security analysts and speed up the process of resolving security alerts.
Additionally, continuous security validation establishes a repeatable procedure for re-running tests systematically. Security tests can be undertaken again and again, with possible tweaks to the parameters or algorithms employed. Because of this, the resulting security data tends to be more predictable, so security teams do not have to apply the same level of meticulous scrutiny every time tests are run. They only need to look at the specific details that may vary based on the changes they made to the tests.
Continuous security validation results in fewer crucial alerts because security controls are tested frequently, so it is possible to establish trends and easily spot issues whenever they emerge. Instead of examining security notifications in bulk under a periodic testing routine, security teams only have to pay attention to notable security events that appear different from the usual activities logged by the continuous testing system.
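To make the trend-based triage described above concrete, here is an added example (not code from any validation product): each control’s latest result is compared against the baseline formed by its earlier scheduled runs, so that only genuine regressions and flapping controls reach an analyst, ranked by severity, while known failures, stable passes and recoveries are filtered out. The control names, severities and pass/fail histories are constructed for illustration.

```python
# Added example (not product code): triage repeated validation runs; all data below is constructed.
from collections import Counter
from typing import Dict, List, Tuple

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}

# control id -> pass/fail per scheduled run, oldest first; last entry is the latest run
RESULTS: Dict[str, List[bool]] = {
    "edr-blocks-credential-dump": [True, True, True, False],
    "proxy-blocks-c2-beacon": [True, False, True, False],
    "dlp-flags-bulk-exfil": [False, False, False, False],
    "mfa-enforced-vpn": [True, True, True, True],
    "log-forwarding-dc": [True, True, False, True],
}
CONTROL_SEVERITY = {
    "edr-blocks-credential-dump": "critical", "proxy-blocks-c2-beacon": "high",
    "dlp-flags-bulk-exfil": "high", "mfa-enforced-vpn": "medium",
    "log-forwarding-dc": "low",
}

def classify(history: List[bool]) -> str:
    """Compare the latest result against the baseline formed by earlier runs."""
    prior, latest = history[:-1], history[-1]
    if latest:
        return "recovered" if prior and not prior[-1] else "stable-pass"
    if all(prior):      # passed every earlier run (or no history): a real regression
        return "new-failure"
    if not any(prior):  # failed every earlier run: already in the backlog, not new
        return "known-failure"
    return "flapping"   # inconsistent results: the control itself is unreliable

def triage(results: Dict[str, List[bool]],
           severity: Dict[str, str]) -> List[Tuple[str, str, int]]:
    """Return only findings that need an analyst now, highest priority first."""
    alerts = []
    for control, history in results.items():
        status = classify(history)
        if status in ("new-failure", "flapping"):  # everything else is suppressed
            weight = 2 if status == "new-failure" else 1
            alerts.append((control, status, SEVERITY_RANK[severity[control]] * weight))
    return sorted(alerts, key=lambda a: a[2], reverse=True)

def status_counts(results: Dict[str, List[bool]]) -> Counter:
    """Bucket sizes: shows how much of the raw volume the triage filters out."""
    return Counter(classify(h) for h in results.values())

if __name__ == "__main__":
    for control, status, score in triage(RESULTS, CONTROL_SEVERITY):
        print(f"{score:>2}  {status:<12} {control}")
    print(dict(status_counts(RESULTS)))
```

With the constructed data, five control results collapse to two actionable alerts; the persistent DLP failure stays in the backlog instead of being re-raised on every run.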
Countering Fatigue with Efficiency
Ultimately, continuous security validation alleviates the issue of vulnerability fatigue that comes with conventional security testing by making systems efficient. It integrates automation, artificial intelligence, and adversary-appropriate tools and solutions to reduce the number of security alerts that would require the examination and decision of cybersecurity analysts or security teams.
It is understandable for some to be skeptical about this shortening of processes and dramatic reduction of security alerts, but many organizations can attest to the effectiveness of using continuous security testing solutions to decrease the volume of security notifications without compromising their ability to properly address threats.
With expertly designed machine learning algorithms and reliable threat intelligence inputs, the automated resolution of some alerts, together with the analysis and prioritization of the remaining security notifications, results in an efficient approach to dealing with security events. It eases the burden on cybersecurity teams, especially overstretched lean teams that are usually overwhelmed by the number of threats they encounter from day to day.