How might you keep a gap from becoming a blind spot in your information security defenses

If you’re a cybersecurity pro, they are the last three letters you want to hear: G-A-P.
And it has nothing to do with your jeans.

We’re talking about security gaps, which are an unfortunate fact of life and certain to remain so — at least until humans are entirely replaced by AI. People are fallible, which means the systems we build and the networks we maintain are always going to be prone to vulnerability.

While that may sound like sobering news, we also have the tools we need to mitigate risk by identifying and closing gaps as quickly as they open.

Why Security Gaps Arise

If you look back at why security gaps develop, patterns begin to emerge. Organizations often become vulnerable because they do a poor job of assessing risk, they lack cyber preparedness, they are overexposed to third parties, or they have an overly reactive security posture.

Additionally, modern computing is almost designed to create evolving vulnerabilities. Rising complexity and continuous changes within our infrastructures mean that new security gaps can (and do) pop up at any time. Poor implementation — often occurring when IT teams must do more with less or operate under difficult mandates (such as quickly migrating to the cloud) — also plays a role.

So, in addition to maintaining a proactive cyber defense, how does one take steps to address these issues? A gap analysis is one option. Such an analysis can identify risks, prioritize remediation efforts and improve overall security. A good analysis contrasts the ideal state of security within your organization with its current state.

A gap analysis will often include research and interviews with IT staffers and management, analysis of critical data and actionable steps to close any gaps that are discovered. Overall, it helps an organization view its security holistically and plot out the necessary steps to eliminate cybersecurity attack vectors.

In addition to a formal outside gap analysis, organizations can also use proven tools to identify and eliminate vulnerabilities, namely penetration testing and red teaming. Manual pen tests do an excellent job of uncovering security gaps within IT environments, while red teams can be called in to simulate a sophisticated attack against an organization’s defenses.

Automated vulnerability scanning, too, can help check for outdated software and open ports, closing obvious holes. Yet there is also another emerging technology that offers the benefits of all of these approaches rolled into a single platform: Cyber-attack simulation.

Why Breach and Attack Simulation is Key for Closing Hidden Security Gaps

In terms of cutting-edge cyber defense solutions, few can offer the versatility of breach and attack simulation (BAS) software. This technology serves as a cyber-attack simulator, launching continuous attacks on your networks and systems to root out hidden vulnerabilities.

In other words, it acts much like white hat pen testers or red teams by mimicking the mindset of adversaries and attempting to breach environments along likely attack paths, using the same techniques favored by hackers. It does this with no disruption to production, and it provides protection on a continuous basis. While manual pen tests and red teams are resource intensive and therefore episodic, BAS tools can run continuously — the key to identifying gaps caused by fast-evolving changes.

XM Cyber’s BAS technology is the only fully automated solution that works in Amazon Web Services (AWS), making it the best choice for cyber defense for hybrid cloud. If you’d like to know more about how XM Cyber helps minimize gaps by allowing you to play defense by offense while enabling continuous security posture improvement.

Marcus Gilban is Head of Marketing Communications at XM Cyber.

No matter how hard you try, you can’t escape ransomware attacks. The volume of attacks reached an unfathomable 623.3 million ransomware attacks globally in 2021 according to the 2022 SonicWall Cyber Threat Report, a 105% year-over-year increase.

One Russian ransomware gang has developed a new approach that hunts for privileged users and services to access, exfiltrate, remove, and encrypt backups so the victim organization can’t recover.

Some ransomware strains start by scanning shared corporate network drives for existing backup archives. Others first infect an organization’s production IT environment before starting an attack. This is where it gets sneaky, as the infected production data is then backed up and stored. At this point, the cybercriminal executes a ransomware attack, forcing the organization to use its backup data to recover.

The result? The recovery takes the ransomware back into the production environment—and the organization is victimized. With backup software and data in hackers’ crosshairs, what’s needed is a solution that safeguards your backup data no matter what. Air gapping is the answer.

Air Gaps: Physically Disconnecting Your Backups

In a recent report, “Leverage Air-gap Technologies to Stop Ransomware Attacks and Meet Operational Objectives,” DCIG President and Founder Jerome Wendt writes about how air-gap technologies stop ransomware attacks and help you meet operational objectives.

Wendt says, “Air gaps represent a practical and cost-effective step that organizations may take to secure their backup data from ransomware attacks.” He goes on to say that organizations may use physical, logical, or both types of air gaps. A physical air gap means your backups are stored on media disconnected from your IT environment, often using tape backup solutions. A logical air gap stays connected to your network, using access controls to isolate the backup data from your production environment.

Since ransomware can’t “see” or find these backups, your data can’t be compromised. If you want to keep your backup data on-premises, using an immutable storage system for your backup data makes sense. Immutable backups are created as write-once, read-many (WORM) files that can’t be altered or deleted. And because physical and logical air-gapped storage solutions are affordable, they are an even more attractive option. Wendt notes that using physical storage such as tape can reduce backup storage costs to pennies per TB.

Making Air-Gap Deployments Work

The DCIG report offers four crucial strategies for efficiently structuring your air-gap plan. These include:

1. Require User Authentication for Access

Wendt says three components must be secured as part of the backup process. First, you shouldn’t assume your backup software security meets your expectations. Some backup software still uses default user logins and passwords, potentially opening the door to hackers to block or eliminate your air gap measures if they can gain access. Confirm that your selected backup solution requires complex passwords on installation or first use. Next, for enterprise backup software, your software should offer multi-factor authentication (MFA) and the ability to integrate with Active Directory. Finally, backup software that provides role-based access control (RBAC) that requires a second person to approve the performance of specific tasks like deleting backup data before it is set to expire is a big plus.

2. Be Sure You Can Manage Multiple Air-Gap Technologies

A solid backup software solution supports both logical and physical air-gap technologies. Your organization may use multiple air-gap technologies extending from cloud storage to removable storage media. Robust backup software also offers support for tape libraries. And your backup software should support creating policies for backup data management, including backup targets, retention schedules, and business rules.

3. Use Immutable Backup Storage

We’ve already covered the importance of immutable storage of your backups. For on-premises backups, make sure your backup software stores your data in an immutable format to prevent changes or deletions while still affording you a fast recovery.

4. Monitor and Scan Your Backup Data

Since your cybersecurity defenses can’t stop every threat—even with firewalls, spam filters, and antivirus software—if a ransomware strain is undetected within your network, it may also make its way into your backups. If you need that backup, you’ll bring the ransomware back in along with your data. Look for backup software that can monitor itself for unusual user activity and your backup data for any out-of-the-ordinary changes. The software should also be able to scan your backup data to seek out any hidden ransomware.
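As an added example (not Arcserve’s or DCIG’s code), here is a small Python model of strategies 1, 3 and 4 together: a write-once vault with a retention lock, a two-person rule for deleting a backup before it expires, and a change-rate check that flags a backup whose file churn looks like mass encryption. The role table, user names and alert threshold are constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed role table; a real deployment would pull this from Active Directory / RBAC.
APPROVER_ROLES = {"alice": "backup-admin", "bob": "security-officer", "carol": "operator"}
CAN_APPROVE = {"backup-admin", "security-officer"}

@dataclass
class Backup:
    name: str
    retain_until: datetime            # WORM lock: no overwrite or delete before this
    changed_ratio: float              # share of files changed vs. the prior backup
    approvals: set = field(default_factory=set)

class ImmutableVault:
    """Write-once backups; early deletion needs two distinct privileged approvers."""

    def __init__(self, retention_days=30, change_alert=0.4):
        self.retention = timedelta(days=retention_days)
        self.change_alert = change_alert   # ratio at or above which a backup is flagged
        self.backups = {}

    def write(self, name, changed_ratio, now):
        if name in self.backups:
            raise PermissionError("WORM: an existing backup cannot be overwritten")
        self.backups[name] = Backup(name, now + self.retention, changed_ratio)
        return self.backups[name]

    def approve_early_delete(self, name, user):
        if APPROVER_ROLES.get(user) not in CAN_APPROVE:
            raise PermissionError(f"{user} lacks an approval role")
        self.backups[name].approvals.add(user)

    def delete(self, name, user, now):
        b = self.backups[name]
        if now < b.retain_until:
            # Strategy 1: nobody, not even a backup admin, expires a backup alone.
            if len(b.approvals) < 2:
                raise PermissionError("retention lock: two-person approval required")
        del self.backups[name]
        return True

    def suspicious(self, name):
        """Strategy 4: a change-ratio spike is a mass-encryption symptom; flag it."""
        return self.backups[name].changed_ratio >= self.change_alert
```

A flagged backup should be quarantined and scanned before it is ever used for a restore, since restoring it would bring the ransomware back into production.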

Meet Your Backup Demands with Arcserve

The DCIG report states that the Arcserve product portfolio allows you to put these four strategies in place to manage your air-gapped backups effectively. And Wendt closes by saying that with Arcserve, users “…may quickly back up, secure, and analyze their data knowing they have reliable, clean backups. Equally important, they may recover their data wherever they need it in the time and manner they need it.”

To learn more about your air-gap technology options from Arcserve, talk to one of our expert technology partners. For more details about Arcserve products, contact us.

Click here to read the full DCIG report.

What are the basic choices for limiting or containing the damage from risk?

Accept, avoid, limit, or transfer. These are the options laid before you when it comes to risk. A risk mitigation plan is an opportunity for you to reduce and eliminate risk.

How are dashboards used as part of systems monitoring and incident response?

Dashboards offer a summarized view of the different components of a system. They gather key metrics from various components and present them in a way that you can check at a glance. Dashboards can display anything from resource consumption to average response times.

What is the role of incident response and management in risk mitigation and risk management?

Incident response and management are vital to risk mitigation; they provide the timely detection, notification, and intervention capabilities that contain the impact of a risk event and manage efforts to recover from it and restore operations to normal.