Cybersecurity expert Amital Ratzon calls it the next step in proactive security. This is a new movement in the cybersecurity field, where automated security checks and systems hardening are integrated into every software development and deployment stage. It is called SecValOps and is expected to follow in the footsteps of the DevSecOps movement.
“Just as DevSecOps integrated security into the start of the high-speed development of DevOps, SecValOps goes a step further, adding testing and validation to ensure that an organization’s security strategy can stay effective against today’s sophisticated cyberattacks,” Ratzon says.
Organizations are slowly acknowledging the importance of continuous security testing as they deal with the increasing aggressiveness and sophistication of cyber threats. SecValOps is new, but it appears to be the way to go, given the undeniable necessity for meticulous cybersecurity and continuous security validation and collaboration among cybersecurity teams.
SecValOps: The basics
SecValOps is a new approach for a new set of threats. With cybercriminals becoming more resourceful and peskily more unrelenting than ever, it is not enough to simply integrate security into the DevOps process. Testing the security controls baked into software projects or installed in an organization is also crucial. Hackers and other bad actors only need a few minutes of vulnerability to introduce ransomware and other malware in a network or inject malicious scripts into vulnerable codes.
SecValOps embodies the idea of continuous security testing, much like how continuous security validation enhances organizations’ cybersecurity posture. Its goal is to remove virtually all security gaps or instances of vulnerabilities in security controls. It reduces attack surfaces and helps ensure effective attack surfaces and cyber risk management.
Shaping up as a foundation for security operations, SecValOps makes it clear to organizations that they need to implement automated and continuous security testing before, during, and after organizational changes, given the latest developments in the cyber threat landscape.
Changes such as security policy modifications, IT hardware and software replacement and updating, management and personnel changes, switching to a new cloud provider, and organizational protocol and procedural updates can impact IT resources. Checking for security controls efficacy only at specific points is inadequate for the threats organizations face nowadays.
SecValOps best practices
What do organizations need to adopt SecValOps? Nothing out of the ordinary. Most companies are already acquainted with these cybersecurity strategies: continuous penetration testing, purple teaming, and a collaborative approach to cyber threats.
Continuous penetration testing or continuous red teaming is something many companies already use as part of their security validation programs. Of course, this would be extremely costly if they have to hire white hats to do continuous pen-testing ceaselessly, so they turn to automated solutions. This does not mean relying entirely on automated pen testing, though.
There are instances when manual red teaming is essential. A recent survey of IT security managers finds that organizations acknowledge the limitations of manual pen-testing. However, it notes that pen testing still provides “a valid way to surface some vulnerabilities in specific, scoped portions of an attack surface at a single point in time.” However, utilizing continuous automated penetration testing and strategically applying manual tests to specific cases makes perfect sense.
Purple Teaming supports continuous penetration testing by adding an adversarial perspective to the security validation process. It entails some extent of cooperation between the red (attack) and blue (defense) teams to accelerate the process of security testing by helping each other figure out how a defense can be strengthened or how an attack can be bolstered.
Instead of letting the attack and defense teams work in silos, purple teaming enables collaboration in figuring out how the defense team made something impenetrable or how the attacking team tweaked their way into defeating the blue team’s cyber defenses. By doing this, the different teams cannot figure out things independently; hence more scenarios get tested, and security improvements are implemented more rapidly.
The cooperation in purple teaming does not mean that the red and blue teams know everything each other does. They do not share information on how they designed each other’s attack or defense, let alone spoon-feed each other with everything they know. They only usually collaborate after testing outcomes are determined.
On the other hand, collaboration in security validation is about sharing information and insights on the latest cyber-attacks and threats. Many already do this through the MITRE ATT&CK framework, with which IT teams or cybersecurity groups share the latest details on adversarial tactics and techniques to help organizations identify and block them. It is also helpful in guiding organizations on how to mitigate the impact of recently developed cyber-attacks.
Many security firms that provide security validation solutions also embrace the MITRE ATT&CK framework. They integrate this in their purple teaming modules or as a component of their security testing platforms to automate the process and help ensure threat-updated continuous testing. It provides a massive boost to security testing.
These three best practices are not either/or options. They complement each other and should be implemented together. SecValOps calls for security testing that is continuous and threat-informed (adversarial perspective). It also acknowledges the importance of harnessing the advantages of collaboration among cybersecurity firms, teams, and experts worldwide.
Why do organizations need SecValOps
In today’s fast-paced way of doing things, organizational changes are inevitable and can happen all too quickly. The security controls that worked before for a specific setup and set of hardware, software, and digital assets may no longer work as they used to. There’s a need to continuously keep track of these controls to ensure they remain effective in detecting or preventing emerging threats.
“The typical organization today has undertaken five major firm-wide changes in the past three years — and nearly 75 percent expect to multiply the types of major change initiatives they will undertake in the next three years,” says Gartner. For example, when organizations shift from brick-and-mortar to e-commerce operations or merge with another business, changes unavoidably occur and affect cybersecurity policies and controls.
No guarantee existing security systems will remain effective without testing. If organizations do not get used to taking cybersecurity into account whenever they encounter changes, the likelihood of becoming vulnerable to the latest threats is very high.
SecValOps is like an offensive way of establishing a defense. It is mindful of the risks and anticipates the attacks or threats. Companies must embrace it as they bring their cybersecurity up to a higher level to keep up with the more significant complexities and relentlessness of creative and sometimes state-backed cybercriminals.
Share this article
About the Author
Waqas is a cybersecurity journalist and writer who has a knack for writing technology and online privacy-focused articles. He strives to help achieve a secure online environment and is skilled in writing topics related to cybersecurity, AI, DevOps, Cloud security, and a lot more. As seen in: Computer.org, Nordic APIs, Infosecinstitute.com, Tripwire.com, and VentureBeat.More from Iam Waqas
20 Best Penetration Testing Tools For Security Professionals
Quick list for the best Penetration testing tools If you’re in a hurry, then have a look at th...
The Role of Developer Security as a Standard in the Software Development Process
Also known as developer-first security, developer security refers to building software while shiftin...
How To Detect Hidden Cameras And Listening Devices? A Complete Guide
Many people feel like someone is watching them or listening to their conversations. They may be righ...
What Is Ransomware Attacks and How To Remove It – A Complete Guide
According to a report by Symantec, ransomware attacks affected around 3.5 million people in 2018. Th...