Why Defenders Should Embrace a Hacker Mindset

Today’s security leaders must manage a constantly evolving attack surface and a dynamic threat environment due to interconnected devices, cloud services, IoT technologies, and hybrid work environments. Adversaries are constantly introducing new attack techniques, and not all companies have internal Red Teams or unlimited security resources to stay on top of the latest threats.

Many organizations take a conventional approach to vulnerability management, documenting their assets and identifying associated vulnerabilities, often on a rigid schedule. One of the problems with the current strategy is that it compels defenders to think in lists, while hackers think in graphs. Malicious actors start with identifying their targets and what matters to them is to find even a single pathway to gain access to the crown jewels.

1) Understand Attackers Tactics

Adopting a hacker’s mindset helps security leaders anticipate potential breach points and build their defense.

This starts with a realistic understanding of the techniques malicious actors use to get from A to Z. This means that defenders must prepare for brute force attacks, loaders, keyloggers, exploit kits, and other rapidly deployable tactics.

Security teams must also evaluate their responses to these tactics in real-world scenarios. Testing in a lab environment is a good start, but peace of mind only comes when directly evaluating production systems. Similarly, simulations are informative, but teams must go a step further and see how their defenses stand up to penetration tests and robust emulated attacks.

2) Reveal Complete Attack Paths, Step by Step

No vulnerability exists in isolation. Hackers almost always combine multiple vulnerabilities to form a complete attack path. As a result, security leaders must be able to visualize the “big picture” and test their entire environment. By identifying the critical paths attackers could take from reconnaissance through exploitation and impact, defenders can prioritize and remediate effectively.

3) Prioritize Remediation Based on Impact

Hackers typically look for the path of least resistance. This means that you should address your exploitable paths with the most impact first. From there, you can work your way through incrementally less-likely scenarios as resources allow.

Leaders should also consider the potential business impact of the vulnerabilities they need to remediate. For example, a single network misconfiguration or a single user with excessive permissions can lead to many possible attack paths. Prioritizing high-value assets and critical security gaps helps you avoid the trap of spreading your resources too thin across your entire attack surface.

4) Validate the Effectiveness of Your Security Investments

Testing the real-world efficacy of security products and procedures is critical. For instance – is your EDR properly detecting suspicious activity? Is the SIEM sending alerts as expected? How fast does your SOC respond? And most importantly, how effectively do all of the tools in your security stack interact together? These tests are essential as you measure your efforts.