In Greek mythology, Sisyphus was the founder and first king of Ephyra. He angered the gods on numerous occasions – killing travelers and guests in his city, chaining Hades (so no one was able to travel to the underworld), and tricking the queen of the underworld into letting him return to the land of the living. For the crime against the gods, he was condemned to ceaselessly roll a rock to the top of a mountain, whence the stone would fall back down, and he would have to do this all over again.
The gods’ rationale for his punishment? That there is no more dreadful punishment than futile and hopeless labor.
Vulnerability management is this Sisyphean task for security teams.
Every day, we need to deal with:
What security teams are missing is that there is more to security than vulnerabilities. Even if you completely patch all your vulnerabilities, there is no guarantee that you will not be breached. Attackers use a comprehensive set of techniques, such as brute force, malware, and social engineering.
If you’re involved in making decisions around securing your organization, it’s important to gain the full picture of how an attacker would target you. Breach simulations allow you to understand the true business impact based on the types of assets you’re trying to protect, and the types of attackers you’re protecting from. This “big picture” identifies probable breach scenarios on a continuous basis, and gives you the benefit of time to proactively address any issues. When you simulate breach scenarios across the kill chain, you can also select the best possible way to break this kill chain, based on your strengths. This is a big advantage for you as a defender.
An additional side benefit is that by understanding the types of breach methods that can be successfully executed, you can drill down into the vulnerabilities associated with them. Take a look at the example below, where the Flashpack Exploit kit was successfully executed between the SafeBreach infiltration simulator and the simulator in the customer database. Our simulations provide details of the associated CVEs for the exploit kit, which can then be prioritized and addressed.
If you want to hear more about our perspective on vulnerability management, check out our on-demand webinar here - “Is Vulnerability Management Dead? Three Reasons Why You Need Breach Simulations”.