Member-only story
Blind Leading the Blind: The Rise of Test-Centric Security
When I was interviewed this morning by a journalist on what technologies financial institutions can use to shift the timeline left to detect breaches more quickly, it got me thinking. If we bring our car in to the shop regularly for tuneups and to ensure our security controls, such as the brakes are working as expected for example, then why don’t we test our security controls in our network to make sure they are working as expected as well? Where’s our tune-up for security controls?
Test-Centric Security
Enter test-centric security, a term very much being led by the folks at AttackIQ with their breach and attack simulation (BAS) technology. BAS solutions enable you to build a test-centric security program by testing your detective and preventative technical controls to make sure they work as intended, are not misconfigured, and have full visibility into your network and endpoints. BAS solutions have given us a wake-up call that we should be testing our controls to ensure they are working if many of the breaches over history have not already taught us to be doing.
