CovertSwarm 'Continuous Vulnerability Testing'
CovertSwarm is frequently asked by the C-Suite within many of the organisations with which we engage: “Tell us about ethical hacking, and why should it be important to our business?”
Sensationalist media have increasingly associated the term ‘hacker’ with negative activities and stories, leaving the word with a heavy stigma.
The stereotypical and overused image of a hacker as a lone figure sitting in a bedroom in a hoodie, trying to ‘break’ into organisations’ applications and networks, couldn’t be further from the truth:
The cyber and technology industries that are recognisable today have been founded, supported, nurtured and grown to their current standing by hackers: individuals and teams who use their technical and programming capabilities to overcome challenges or problems, made possible by creative, logical, lateral thinking carefully fused with deep experience, skill and a team mentality.
Being a ‘hacker’ is a completely legal vocation. It is only when those well-honed skills are used with malicious intent that laws are likely to be broken (and the proverbial hoodie donned).
The cyber industry has worked hard to maintain a positive definition of ‘hacking’, and born of those efforts is the term ‘ethical hacker’: someone who uses their cyber skills to work with organisations to improve their data and information security, not to damage or exploit it.
Ethical hackers actively help organisations to improve their defences and to prevent genuine attacks from ‘bad actors’ with malicious intent. The value and insight that ethical hackers provide to the organisations with which they engage comes through positively-aimed cyber offensives whose findings translate into the maintenance of a highly effective set of cyber defences.
Through active analysis, research and probing aimed at uncovering technology flaws, vulnerabilities and the resulting cyber risks, ethical hackers pursue many diverse and sometimes tenuously linked exploratory avenues: the very same avenues that a genuine bad actor would attempt to exploit in their own unwavering pursuit to breach an organisation.
CovertSwarm’s approach to ethical hacking has evolved beyond the ubiquitous, ad-hoc ethical hacking service offered by many consultancies: we instead engage to constantly compromise the security of our clients, helping them continuously discover, fix and build the defences needed to ward off our attacks, and similar attacks driven by the World’s true bad actors.
The legacy approach to solving the ‘are we secure?’ problem has been for an organisation to temporarily engage an ethical hacker (or a small consultancy comprising ethical hackers) as part of a discrete, snapshot ‘Penetration Test’:
A Penetration Test is a point-in-time engagement in which ethical hackers research and present back a report (often a lengthy spreadsheet or PDF) containing a list of issues, vulnerabilities and risks detected within a finite target ‘scope’. This scope frequently includes a limited network range, a web application, or some other elements that represent the ‘crown jewels’ of an organisation’s intellectual property and commercial activities. These Penetration Tests are often instigated by an organisation’s need to adhere to compliance requirements (e.g. PCI-DSS), information security standards (e.g. ISO27001:2013) or the demands of a third-party client to which it supplies a service or product. Pentests often form part of a wider control set within an organisation.
When unpicked, the depth and standard to which penetration test engagements deliver for their clients reveal huge variances in quality, in the cyber assurance derived and in cost. All of these make the true resulting value of such exercises very difficult to ascertain and to demonstrate to Boards, investors and the C-Suite.
To address the quality and risk gap between ethical hacker-led penetration tests, organisations sometimes elect to commission multiple point-in-time pentests over a 12-month period. Whilst this approach can drive some additional value through more frequent, ad-hoc testing, it never fully realises the value and cyber risk mitigation that a team of ethical hackers such as those within CovertSwarm would deliver: a team that, through the continuous application of its skills, grows to understand an organisation’s evolving technology estate and learns how best to exploit it.
In recent years the cyber industry has tried to solve the service deficiency resulting from ad-hoc pentest engagements with ‘continuous vulnerability testing’ or ‘continuous penetration testing’.
Invariably these terms mean different things to different cyber vendors, for example:
1. A number of individual Penetration Tests each year, with little knowledge transfer between tests (on either the client side or the vendor side).
2. A single test a year supported by automated vulnerability scanning between tests, which inevitably searches for ‘known’ vulnerabilities rather than true ‘zero day’ exploits.
3. No ethical hacker-led penetration testing at all, just software-level scanning: a low-value activity that only ever detects issues that are already well known and documented.
None of these ‘solutions’ keeps pace with the rate of technology change within today’s modern, fast-paced businesses.
Organisations whose developers, DevOps processes and agile engineering teams all collaborate and move quickly do so to keep their businesses at the forefront of their industry through the delivery of an ever-sharper competitive edge. This flurry of constant activity and change creates an inevitable imbalance, or ‘Cyber Risk Gap’.
CovertSwarm was founded to close this genuine cyber risk gap and to meet the increasing demand for the offensive security industry, penetration testers, ethical hackers and continuous vulnerability testing approaches to modernise and work in alignment to support commerce’s cyber health: health that has been negatively impacted by the world’s increasingly rapid pace of business and technology change and the cyber industry’s historic inability to keep up.
CovertSwarm’s Constant Cyber Attack service, led by dedicated teams of ethical hackers, maintains a focus on exploiting the cyber security of our clients’ businesses, with a mission to make them as secure as they wish to be.
We operate in exactly the same way that genuine bad actors do against our clients’ organisations, emulating the behaviours of Advanced Persistent Threats (APTs) and state-sponsored groups.
Defence against a true-to-life form of constant, simulated cyber attack allows CovertSwarm’s clients to stay ahead of the cyber weaknesses, vulnerabilities and risks that all of the World’s online organisations face. Every day.
CovertSwarm offers a modern, offensive, continuous, positive pressure approach to ethical Cyber Security as a Service. Our teams of ethical hackers are organised into knowledge-exchanges that we call ‘Hives’ that come together to form a ‘Swarm’ to deliver their cyber research and offensives.
Our mission is to constantly compromise our clients, and our Swarm works relentlessly - every day - to achieve just that.
1. CovertSwarm performs continuous, focused and targeted research against each client’s unique technology stack.
2. Through their 24/7 focus on your organisation, our ethical hacker-led research and exploit teams go far beyond traditional penetration testing, vulnerability testing or similar industry approaches.
3. CovertSwarm employs the same techniques, methodologies and subversive cyber and social exploitation approaches that malicious bad actors do, but with ethics and value delivery at the core of our culture and service ethos.
4. All CovertSwarm ethical hackers are fully employed and vetted by us, and are industry professionals who are the very best at what they do and backed by decades of collective experience.
Subscribe to CovertSwarm today and modernise your organisation’s approach to maintaining a progressive cyber security posture.