Page 13 - Cyber Warnings
Many financial services firms outsource their security testing to one of a number of
service firms that perform that testing on their own networks or in the cloud.

When we asked financial services firms how well security testing represents their real
production IT infrastructure, they really had no idea. Clearly, any testing that does not
match the production environment is not helping to reduce the security risk that the
organization faces.

Security tests are system-wide tests, not tests of a single piece of hardware or
software. For example, if an organization is testing whether its network will protect
it from cyberattacks, it needs to test all of the devices in the network that work
together to provide protection, including switches, firewalls, routers and load balancers.
Simple tests that run against a single network device will not test the cumulative
effectiveness of the entire network security solution.

The tests must run with realistic traffic that simulates typical production traffic.
Many of the newer security devices operate by identifying abnormal traffic patterns and
user or application behavior. Testing the efficacy of these devices depends on
accurately simulating realistic traffic patterns and loads.

Cyber testing must allow orchestration of setup, configuration and testing
processes so that both the network environment and the testing processes are
repeatable. Most cyber testing exercises involve modeling the environment, as well as
planning, rehearsing, and refining the testing activities.

To efficiently support this workflow, it is critical to automate the setup and teardown of
the network infrastructure, traffic generation, security device configuration, and the
testing processes that are to be performed.

The ability to snapshot the environment at any point and restore it to that state is
also desirable. Repeatable orchestration improves the reuse of security tests and
scenarios while also improving the accuracy of the results.

Networks are large-scale and difficult to reproduce in a test. In order to be
successful, cyber testing must emulate the true size and scale of the production network
and all of its components. It is usually cost-prohibitive to simply create a redundant full
production network.

Good cyber testing solutions replace some of the physical infrastructure with virtual
infrastructure and then mix the two to provide a realistic replica of production at a
much lower cost.
Cyber Warnings E-Magazine – February 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide