Micki Boland is a global cyber security warrior and evangelist with Check Point Technologies’ Office of the CTO. Micki has over 20 years in ICT, cyber security, emerging technology and innovation. Micki’s focus is helping customers, system integrators, and service providers reduce risk through the adoption of emerging cyber security technologies. Micki is an ISC2 CISSP and holds a Master of Science in Technology Commercialization from the University of Texas at Austin, and an MBA with a global security concentration from East Carolina University.
In this article, cyber security expert Micki Boland shares in-depth insights into the inner workings of cyber security solutions development: the use of attack simulation tools, in-house red teams, testing against real-world scenarios and more. Discover valuable contextual information that can inform cyber security decisions. This article is intended for those with an intermediate to advanced level of technical knowledge.
What should organizations know about security testing within cyber security companies?
Third-party testing labs typically mirror customer environments; testing simulates corporate environments and seeks to identify weak spots within security products. For example, the testing labs may deal with ten test scenarios. A security product under a test scenario simulation may achieve acceptance through the product’s measured ability to catch a specific threat or attack vector. These testing scenarios do not always incorporate false positive rate into the security scope or provide for changing security needs.
What should security professionals know about attack simulation tools?
Attack simulation tools are great for the purposes of POC and assessment, though testing tools are quite theoretical and will not understand versions of customer environments. The current threats are everywhere: threats are sophisticated, attack vectors are numerous, and threat actors (adversaries) are external and internal. These simulation tools will not use the same techniques used in the real world by real threat actors. In the real world, the threat actors seek to own the target environment, and the hackers have the time and money they need to achieve their objective. We have to stop them at every point.
What else should professionals know about security testing and what is Check Point working on?
It is not enough to catch a specific threat vector, detect a specific adversary, technique, or detect a specific malware. Teams in the Check Point Cyber Security Lab perform extensive security testing internally through our own testing platforms and our own red team. We use hundreds of scenarios for our testing and then run 24/7 on these scenarios to automate protection delivery along with our testing automation. Teams are building and continuously delivering actionable insights that feed active protection engines, on par with the evolving threat landscape.
Check Point has a passion for making the world more secure and we are sharing this passion by working together with testing organizations and testers through collaborating, testing standards, and testing integration. As the global leader in cyber security, Check Point is developing our threat preventions by testing against what is actually happening in the real world, what we identify as major issues, and the most dangerous APTs, rather than simulating scenarios or adversarial modeling.
Key takeaways for decision makers?
For the informed decision maker, it is important to understand the benefits and constraints of testing labs in the cyber security product testing and certification process. Informed decision makers also should remember the daunting challenge of dealing with real world threats, and the need for the solution to meet high security performance standards in a comprehensive, integrated, automated cyber security platform that delivers active protections and proactively stops sophisticated threats everywhere.