Safetech event: Systematic validation of cybersecurity with Picus Security and Safetech
Continuous validation of security posture is increasingly used worldwide as organizations come to understand the accelerating dynamics of the cybercrime environment. The approach is based on Breach and Attack Simulation (BAS) solutions that simulate real-world cyber threats to continuously validate, measure, and enhance the effectiveness of organizations’ cyber defenses. The key element of a BAS solution is the ability to simulate an attack as realistically as possible, with the most advanced tools and methods, so that architecture testing is solid, without affecting users or the targeted digital resources.
Safetech Innovations recently organized together with Picus Security an event dedicated to validating and optimizing the security posture with a BAS solution.
Validate your security posture with Picus
“Optimizing security posture must become the core of an organization’s security strategy and reinforce all concerns for effective cyber risk management,” Bilgin Demir, Regional Sales Manager at Picus Security, told the audience. His presentation highlighted both the competitive advantages of the Picus Security platform and the technology partnership developed with Safetech Innovations.
Recommended with a score of 4.8 out of 5 in Gartner Peer Insights for Breach and Attack Simulation (BAS) solutions, Picus Security simulated over 120 million real attacks in 2023, helping beneficiaries understand whether their security solutions achieve their goals.
Picus Security differentiators include:
- Single management interface
- The existence of an extensive library of attacks, which is constantly updated
- Extreme realism of attacks and complex alert validation/invalidation mechanisms
- Score analyses for a correct assessment of security posture
- Advanced mitigation options with specific recommendations for each component of the security architecture
- Coherent and intuitive reports for IT specialists, but also for business decision-makers
- Extensive integration options with the most diverse security solutions and equipment on the market
- Cloud instance auditing capabilities (AWS, Azure, Google) with the ability to identify misconfigurations
According to Bilgin Demir, Picus Security primarily tests the level of prevention. “The solution simulates a set of attacks and we observe which attacks are blocked with already existing infrastructure and solutions and which are not. To increase the realism of simulations, users can select attacks specific to their geographical region and field of activity. The second level is detection. We track attacks that are not blocked to see if they are detected and reported to those responsible. We also evaluate the type of alert, because reaction speed is extremely important. If we simulate a ransomware attack, and the team is alerted after 1-2 hours, the interval is impermissibly long, because during this time the attacker can encrypt the entire database and even demand a reward.”
The last stage is that of mitigation and is one of Picus’ differentiators. Several BAS solutions can make assessments and identify security gaps in an organization. Picus, however, places great emphasis on correcting errors and optimizing security posture. In this regard, after completing a simulation, the solution generates mitigation recommendations, either specific to certain suppliers (if there is direct integration with them) or general. “Through these recommendations, Picus increases the efficiency level of all security products used by a beneficiary and implicitly accelerates the degree of return on investment in these solutions,” said Bilgin Demir.
Practical scenarios of Breach and Attack Simulation
In the second part of the event, Rareș Vlad, Security Consultant in the Safetech team, presented several scenarios for using the Picus Security solution, tested in the Safetech laboratory. The scenarios included simulating attacks on various IT architecture and cybersecurity configurations and focused on how specific solutions react, such as detection, blocking and alerting.
The scenarios included:
- Firewall testing, which aimed to validate security controls at NGFW solution level, by simulating a network infiltration attack,
- Endpoint testing without an EDR installed, with Windows or Linux operating systems,
- Endpoint testing with EDR installed, also with Windows and Linux operating systems,
- Attack path validation aimed at gaining privileged account credentials (AD domain admin) by applying a suite of attack scenarios.
For each scenario, the Safetech specialist presented the infrastructure used in the laboratory, the specific type of attack used, its effects, the concrete way in which the implemented security solutions reacted (blocking, detection, alerting), as well as the remediation mode (specific or general) proposed by Picus.
“Picus Security works like a pentest team. It can run custom simulations through access to an extremely diverse library of attacks, specific to certain economic verticals or geographical regions. It shows exactly the vulnerabilities that attackers exploit, how implemented solutions react and what gaps need to be addressed in a company’s security. Moreover, Picus automates these processes and ensures continuous validation of the security posture. It is an important advantage, because a configuration may be correct at some point, but the situation may change over time,” said Rareș Vlad.
Picus Security by Safetech Innovations
In Romania, Picus Security solutions have been available through Safetech Innovations since 2023. Safetech ensures optimal implementation of the Picus platform through a team that includes experts in pentesting, attack detection and forensic red team analysis. All team members have ethical hacking certifications and certain technical certifications from Safetech’s technology partners (over 20 in number).
“Safetech is an important technology partner for Picus Security because it brings consistent added value to projects. Not all companies that want to use Picus Security to validate their security posture have the right staff to do so. This is where Safetech comes in, which can offer Picus Security as a managed service, which means that it will provide support to beneficiaries in configuring the solution, running simulations, validating security controls and actually performing mitigations. Safetech specialists have the level of expertise needed to provide customers with confidence in the Picus Security solution and support for efficient exploitation,” said Bilgin Demir, Picus Security.
Safetech’s strategy is to bring new solutions into its portfolio only after careful testing. The Picus solution was evaluated for one year to convince the Safetech team that it can deliver services based on this platform under a Managed Security Service Provider (MSSP) program. Within this program, specific Breach and Attack Simulation services include: evaluation of anti-ransomware protection, testing security controls, virtual CISO, remote work safety assessment and validation of various implemented technologies (firewall, email gateway, SIEM, EDR, etc.).
Safetech Innovations is one of the most experienced cyber security companies in Romania. We have 12 years of activity and over 600 completed projects in this field for clients from multiple economic sectors.
Currently, Safetech Innovations has over 60 employees, of whom 40 are members of the technical team.