The resilience of a system against hacking attacks is always as strong as its weakest spot. Discover how CogTL helps security engineers to prioritize their actions and security investments.
The cybersecurity game
CISOs and security leaders know that to stay ahead of cybercriminals, they must have their eyes everywhere in their IT system and be able to anticipate attack scenarios before hackers do. It is both an exciting and a stressful duty, in particular because their failures are so much more visible than their successes.
But their main challenge is that all conditions and rules of the game are changing all the time. Systems are updated or replaced, new services are deployed in production, users join or leave the company, new vulnerabilities are discovered and exploits are made available in the wild, information gets disclosed, new regulations arise, to name only a few elements that would normally imply a full re-evaluation of the cybersecurity risk of an IT System. No human, or no business process, would be able to detect all indirect consequences of every change over the cyber risk posture of the company.
The best proof that impacts are sometimes missed, and weaknesses are left exposed, is given by ethical hacking companies. Big companies regularly hire “white hat hackers” to try to discover their vulnerabilities. Guess what: there are nearly *always* new vulnerabilities or weaknesses, despite all the good will of the security teams and all the change management processes (which have a non-negligible cost, by the way) designed to limit those risks.
Taking a step back, the cyber resilience of a company thus rests on the maturity of its IT governance, the amount of energy, time and money spent by its security team, and … time-bounded luck. Luck because, as explained above, weaknesses will exist for a limited time in the best case, and it is only a matter of time (and of exposure of the company) before a hacker figures out how to exploit them.
Here comes CogTL
With its real-time capacity for analyzing multiple sources of data, federating all knowledge about a system, and imagining scenarios based on this “up-to-date knowledge”, CogTL is exactly the missing piece addressing this part of “luck”. If multiple changes occur and together make an attack scenario possible, CogTL will immediately raise a flag: an alert, or even an automatic reaction.
As food for thought, imagine the possibility of automatically correlating the following elements:
- Your exposed surface (e.g. nmap results)
- Results of automated vulnerability scans (e.g. Nessus, Qualys…)
- Latest published CVEs (from live Internet feeds)
- Configuration of the servers exposing those services (with simple discovery tools / CMDB)
- Technical accounts running the services and their permissions (from an LDAP directory)
- The permissions set on servers
- Configuration of routers and firewalls (by parsing configuration files or with export of network management tools)
Even when starting small with two or three of those items, benefits are immediately visible in terms of reactivity, and most of the time it already highlights a few elements that need further investigation. At the same time, the free-text search and easy query language, as well as the possibility to set up “prepared queries” and dashboards, make CogTL a very useful kiosk of up-to-date information, sparing the user from connecting to multiple systems to cross-check data.
From reactivity to proactivity
With the real-time analysis provided by CogTL, we already shorten the time to react to new weaknesses and lower the part of “luck” in the security strategy. We also get an accurate overview of the risk posture, with a significant benefit for the security leaders and the management of the company: we have a vision that can help optimize the security investments. By showing in a demonstrable manner where the weakest links are located, we know where and how to start. But even better than being reactive, with its powerful simulation features accessible through an Open API, it is also possible to integrate CogTL as an automated step in change management workflows. By evaluating the potential positive or negative impact of any change in a few seconds, it can act as a strong security gate in IT processes, making the organization even more proactive: weaknesses are never exposed, and risk scenarios are stopped before they are even possible.
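To make the two ideas above concrete (correlating the data sources listed earlier, and re-evaluating the posture when a change is proposed), here is an added, self-contained Python example. It is not CogTL's code or data model; the source names, fields, scoring weights, host names and CVE identifiers (CVE-0000-000x) are constructed placeholders. It joins an exposure inventory, scanner findings, a CVE feed, service-account privilege and firewall rules into a ranked list of weak spots, flags a feed entry that matches an exposed version even though the scanner has not reported it yet, and runs a what-if evaluation of a firewall change before it is applied.

```python
import copy

# --- Constructed inputs (placeholder hosts, products and CVE ids, not real data) ---

# Exposed surface, as a discovery tool such as nmap would report it.
EXPOSED = [
    {"host": "web1", "port": 443, "product": "exampled", "version": "2.4"},
    {"host": "web1", "port": 22, "product": "sshd", "version": "8.9"},
    {"host": "db1", "port": 5432, "product": "pgsql", "version": "13.2"},
]

# Findings from an automated vulnerability scan (host, port, CVE id).
SCAN_FINDINGS = [
    {"host": "web1", "port": 443, "cve": "CVE-0000-0001"},
    {"host": "db1", "port": 5432, "cve": "CVE-0000-0002"},
]

# CVE feed: severity, whether a public exploit is known, affected product/versions.
# CVE-0000-0003 is new in the feed and not yet flagged by the scanner.
CVE_FEED = {
    "CVE-0000-0001": {"cvss": 7.5, "exploit_public": False, "product": "exampled", "versions": {"2.4"}},
    "CVE-0000-0002": {"cvss": 6.5, "exploit_public": False, "product": "pgsql", "versions": {"13.2"}},
    "CVE-0000-0003": {"cvss": 9.8, "exploit_public": True, "product": "sshd", "versions": {"8.9"}},
}

# Technical account running each service, as exported from a directory / CMDB.
SERVICE_ACCOUNTS = {
    ("web1", 443): {"account": "svc-web", "admin": False},
    ("web1", 22): {"account": "root", "admin": True},
    ("db1", 5432): {"account": "svc-db", "admin": True},
}

# Firewall rules, first match wins; "any" matches every host or port.
FIREWALL_RULES = [
    {"src": "internet", "dst": "web1", "port": 443, "action": "allow"},
    {"src": "internet", "dst": "web1", "port": 22, "action": "allow"},
    {"src": "internet", "dst": "any", "port": "any", "action": "deny"},
    {"src": "internal", "dst": "any", "port": "any", "action": "allow"},
]

STATE = {"exposed": EXPOSED, "findings": SCAN_FINDINGS, "cves": CVE_FEED,
         "accounts": SERVICE_ACCOUNTS, "firewall": FIREWALL_RULES}


def reachable(rules, src, host, port):
    """First-match firewall evaluation; traffic matching no rule is denied."""
    for r in rules:
        if r["src"] == src and r["dst"] in ("any", host) and r["port"] in ("any", port):
            return r["action"] == "allow"
    return False


def candidate_weaknesses(state):
    """Scanner findings plus feed entries whose product/version matches an exposed service."""
    found = {(f["host"], f["port"], f["cve"]) for f in state["findings"]}
    for svc in state["exposed"]:
        for cve_id, cve in state["cves"].items():
            if cve["product"] == svc["product"] and svc["version"] in cve["versions"]:
                found.add((svc["host"], svc["port"], cve_id))
    return found


def score(state, host, port, cve_id):
    """Assumed weighting: base CVSS, doubled if Internet-reachable, x1.5 for a public
    exploit, x1.5 if the service runs under an admin account. None = CVE unknown to feed."""
    cve = state["cves"].get(cve_id)
    if cve is None:
        return None
    s = cve["cvss"]
    if reachable(state["firewall"], "internet", host, port):
        s *= 2.0
    if cve["exploit_public"]:
        s *= 1.5
    if state["accounts"].get((host, port), {}).get("admin"):
        s *= 1.5
    return round(s, 2)


def prioritize(state):
    """Ranked weak spots; unknown CVEs (score None) sort first so they are reviewed, not lost."""
    rows = [{"host": h, "port": p, "cve": c, "score": score(state, h, p, c)}
            for h, p, c in candidate_weaknesses(state)]
    rows.sort(key=lambda r: (r["score"] is not None, -(r["score"] or 0)))
    return rows


def simulate(state, change):
    """Apply a proposed change to a copy and compare the worst score before and after."""
    new_state = copy.deepcopy(state)
    change(new_state)
    worst = lambda rows: max((r["score"] or 0 for r in rows), default=0)
    return {"before": worst(prioritize(state)), "after": worst(prioritize(new_state)),
            "ranking": prioritize(new_state)}


def close_ssh_from_internet(state):
    """Proposed change: drop the rule exposing web1:22 to the Internet."""
    state["firewall"] = [r for r in state["firewall"]
                         if not (r["src"] == "internet" and r["dst"] == "web1" and r["port"] == 22)]


if __name__ == "__main__":
    for row in prioritize(STATE):
        print(row)
    print(simulate(STATE, close_ssh_from_internet))
```

Running it ranks the sshd entry first even though no scanner reported it, because the feed match, the Internet-facing rule, the public exploit and the root account all compound; the what-if run shows the firewall change lowering that worst score before anyone touches production.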
Historically, CogTL was imagined and designed exactly for this precise objective. The lead architect and developer of the engine was heading a Security engineering team in a Swiss multi-national bank, and imagined the product to get a better coverage of the cyber security risks. It took several years to reach the current level of maturity of the product, but now it is used in production in multiple projects with very interesting results.