Adversarial Collaboration Unit Finds Complacency, Inertia at Root of Avoidable Security Issues
DENVER, Feb. 15, 2023 /PRNewswire/ -- Lares, a leader in global security assessment, testing, and coaching, today released new research highlighting the Top 5 Purple Team Findings encountered by the firm's consultants over hundreds of client engagements in 2022. The most commonly avoidable mistakes encountered by Purple Team engagements over the past year include inadequate or unnecessary event logging, lack of offensive security knowledge, codependent relationships in the Security Operations Center (SOC), an unhealthy reliance on tools, and throwing good money after bad.
"To properly defend their organizations, security professionals need to be aware of the latest threats and how to respond," said Andrew Hay, Chief Operating Officer of Lares. "Security teams also need to be mindful of the potential issues that can arise from their defensive measures. Additionally, defenders must avoid becoming reliant on tools and instead focus on developing essential skills that cannot or should not be outsourced."
The Lares Adversarial Collaboration Unit (ACU) assists clients with defensive collaboration engagements and Purple Team assessments, combining offensive and defensive techniques to strengthen security protections. Red Teams emulate external or insider attackers, while Blue Teams serve as internal security defenders. Purple Teams assist both sides by aligning the defensive tactics of the Blue Team with the threats attempted by the Red Team.
Key Takeaways
Inadequate or Unnecessary Event Logging: Many organizations fail to collect or pay attention to critical log events, or they collect so many unnecessary events that storage fills up and important data is obscured. In either case, critical signs of malicious activity are easily overlooked.
Lack of Offensive Security Knowledge: Monitoring an organization's environment for potential threats requires more than a basic understanding of adversarial tactics, techniques, and procedures (TTPs). Defenders must be able to identify when and how these TTPs are being used in order to take appropriate action. For example, security oversight may require monitoring of internal communications to identify potential indicators of malicious activity.
Codependent Relationships in the SOC: Many managed security operations centers (SOCs) introduce new issues for defensive teams rather than solve them. Alerting delays occur when the managed SOC fails to properly configure the tools and technologies to detect and respond to security incidents. Events that could be used to thwart attacks are delayed or never seen. Additionally, managed SOCs often suppress critical events due to pressure from upper management or external customers.
Unhealthy Reliance on Tools: Defenders are becoming too reliant on Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) solutions, expecting them to find all the bad actors. This can lead to false positives and incorrect attribution. EDR and XDR should be seen as part of a wider security solution, not the sole point of monitoring.
Throwing Good Money After Bad: It is common for organizations to outsource their knowledge when it comes to defensive measures. While this may seem like the easiest solution, it does more harm than good and prevents employees from learning the essential skills they need to be effective, costing the company more money in the long term. Instead of outsourcing all security knowledge, companies should invest in their employees and allow them to learn and grow.
The Lares "Top 5 Purple Team Findings in 2022" research paper is available for download here: https://www.lares.com/lares-top-5-purple-team-findings-report/
Dave Storie, Lares Adversarial Collaboration Engineer, will present a webinar on Wednesday, February 22 at 10 a.m. (PT) / 1 p.m. (ET), to discuss these white paper findings in greater detail. To sign up or get more information about the webinar, please click here: https://register.gotowebinar.com/register/4649916466836351578
About Lares, LLC
Lares is a security consulting firm that, since 2008, has helped companies secure electronic, physical, intellectual, and financial assets through a unique blend of assessment, testing, and coaching. For more information, visit lares.com, contact us at (720) 600-0329, or follow Lares on Twitter @Lares_.
Media Contact
John Kreuzer
Lumina Communications for Lares
[email protected]
SOURCE Lares