Previously in this space we’ve covered how Tidal Cyber Enterprise Edition and Breach & Attack Simulation (BAS) tools complement each other in a mature Threat-Informed Defense security program. We’re delighted to announce the General Availability of a groundbreaking new Test Results feature with BAS integrations!
Tidal Cyber Enterprise Edition now makes it even easier to answer these questions about the intersection of robust analysis and empirical testing:
Where are my controls not working as well as we thought they were?
Google “cybersecurity control failure”, and you’ll see a broad theme – security controls not working as well as intended is a big problem. The software development community has realized automated testing and application monitoring can significantly raise system quality and confidence. Likewise, cybersecurity leaders have created tools, including Breach & Attack Simulation, to empirically test your security defenses.
Tidal Cyber Enterprise Edition can now automatically ingest those test results and show you which behaviors have high confidence but failing tests:
Figure 1 - High Confidence and Failing Tests in Tidal Cyber Enterprise Edition
This is possible because Tidal Cyber Enterprise Edition enables you to construct a comprehensive picture of your ability to defend against the threats that matter to you, expressed as a Confidence Score. Attacker behaviors with a high Confidence Score but failing tests may indicate you have a control failure.
What to do about suspected control failures?
Knowing you may have a control failure is half the battle. The other half, of course, is doing something about it! Tidal Cyber Enterprise Edition can drill down into the details of the tests and take you right to the place in the source tool to diagnose and take action. This could be:
- Fix the control, if the test has correctly identified a control failure
- Fix the test configuration, if the test is misconfigured or not actually testing what you want to test
- Reduce the efficacy of the control in your Tidal Cyber Enterprise Edition defensive stack, if the test has identified a weakness that you can’t address immediately, so you have a more accurate picture of your defensive posture
Figure 2 - Test Result Details in Tidal Cyber Enterprise Edition
Where can I improve the accuracy of my defensive stack model?
Alternatively, empirically testing your security controls may show you have fully-working security controls that you didn’t realize you had, or at least that weren’t modeled in your defensive stack. Use the same tools in Tidal Cyber Enterprise Edition to identify attacker behaviors with low confidence and passing tests, then review the tools that are detecting or preventing those attacks. Ensure they are fully and accurately represented in your defensive stacks.
What should I test next?
Finally, every security leader has a giant list of things they’d like to test, but limited resources to apply. Where should you direct this limited capacity? Tidal Cyber Enterprise Edition enables you to identify the lowest-confidence behaviors with no test results at all. Targeting them for your next test ensures you’re maximizing the impact you can have – either by confirming you have a weakness, or by identifying controls you already have that could raise your Confidence Score and give you a higher-fidelity model of your defensive stack.
BAS Integrations
Tidal Cyber Enterprise Edition now has integrations with AttackIQ Enterprise and SafeBreach. Integrations with additional leading BAS tools are in development and will be available very soon. Contact us at tryenterprise@tidalcyber.com if you have a BAS tool you’d like to see supported.
Other Types of Test Results
Tidal Cyber Enterprise Edition also supports manual entry of test results. This can be useful for testing activities such as red team exercises or penetration tests. These test results are automatically applied to the correct Coverage Maps based on the MITRE ATT&CK® behaviors you identify and are integrated with results automatically obtained from BAS integrations. The net result is that security teams get a unified view across all types of testing performed within the environment.
Figure 3 - Create a new Test Run
Figure 4 - Create a new Test Result