Using Automated Attack Emulation for Continuous Cybersecurity Control Validation

Enterprise security teams benefit from the collection and analysis of data to determine their cybersecurity risk posture. When performed properly, these tasks reduce uncertainty about situational security status by showing how posture aligns with a defined metric. Data collection and analysis provide visibility into how the organization is managing risk. World-class security teams rely on such tasks for their day-to-day work.

An important aspect of the collection and analysis process is the degree to which tasks are continuous. All too often, quantitative data is extracted or derived based on a point-in-time status, which results in information that begins to grow stale immediately after collection. Security tests for annual audits, for example, will often result in measured data that becomes gradually out-of-date until the next scheduled audit.

In this paper, we outline how continuous automated security control validation can drive improved management of cybersecurity risk. This is shown to be best accomplished in modern commercial platforms by running carefully planned adversary attack emulations across security controls to demonstrate their proper operation — or in some cases, to expose degraded security operations that require management attention.