
Four Exciting Takeaways from Cisco Live 2023

2023 is off to an exciting start for JDS, as Australia’s leading Cisco Full Stack Observability partner. There were a host of new product features and announcements which came out of Cisco Live in Amsterdam last month, all focused on fast and secure customer experiences with data-driven insights and action. 

Here are the four takeaways from the event that we’re particularly excited about:

New release for On-premise Platform

AppDynamics have released v23.2 for the on-premise controller and platform components, bringing a raft of security and compatibility updates, and parity for APM & EUM agent functionality with the SaaS platform. Some of our clients have strict requirements around data protection, and AppDynamics On-Premise allows them to gain the same deep level of observability into their apps, while keeping data within their network.

Two-way integration between AppDynamics and ThousandEyes (TE) and TE Open Telemetry support

None of us want to have to scramble to multiple different tools when degradation occurs just to figure out where in the stack something is broken. It adds unnecessary time in determining the root cause and increases MTTR. 

Cisco has made significant improvements by adding support for OpenTelemetry into ThousandEyes, and an out-of-the-box integration to bring detailed network level metrics into AppDynamics dashboards. This allows ThousandEyes to be aware of the application context and show application health status from AppDynamics, alongside network tests. 

This advancement will help to understand much faster whether the network or internet is impacting your application health, and which parts of the application and business are affected when it does. 

Brand new Full Stack Observability data platform

Observing modern application stacks means taking and analysing A LOT of measurements, and it needs to be fast and flexible to allow insights to be gained without onerous number crunching or actions taken. A data platform that can ingest large volumes of ubiquitous data with fast analytics is critical to this, and Cisco’s new Full Stack Observability platform delivers on these requirements.

Highlights of the new platform, slated for release in April 2023, are: 

  • Much more than just a data lake. Correlate data with business and IT context to understand impact and importance.
  • Bring in any MELT data via Open Telemetry. If you can describe it with OTLP, it can be ingested. 
  • Make use of AppDynamics Cloud, built on the FSO platform, to visualise and analyse data, use third party UIs like Grafana, or build your own for your use cases.

Secure the stack with new integrations and intelligence in Cisco Secure App

Secure App leverages the AppDynamics agents to identify vulnerabilities, detect attacks and block them in real time – cutting off new threats immediately, and giving you valuable time to rectify your code. 

This capability has now been expanded with new integrations and intelligence within a range of Cisco Security tools. 

  • Kenna & Talos – leveraging a vast feed of threat and exploit data feeds and known vulnerabilities to assess your risk levels in the context of your app and business
  • Panoptica – providing assessment of 3rd party APIs to understand your exposure to your downstream dependencies such as SaaS services and partner apps. 
  • AppDynamics Business Transaction awareness – understand the business context of threats and which aspects of your applications are at risk.

Atlassian Cloud Migration: The Clock Is Ticking

End of Server Sales and Support

In late 2020, Atlassian announced their end-of-life roadmap for Server edition sales and support in a push towards migrating to Atlassian Cloud (see below). Three years on, we find ourselves hitting the third milestone of this plan, and no longer have the ability to purchase new apps for Atlassian Server. The final end-of-support date of February 2024 is now fast approaching.

Image by Atlassian: Atlassian Server end of life (sale/support) information

It has never been more important for users of Atlassian Server to start planning their move to Atlassian Cloud as these migrations can prove to be more complex and involved than originally anticipated.

JDS, a Gold Atlassian Solution Partner, has assisted a multitude of customers with their move to Atlassian Cloud, including migrations with large-scale data, multiple instances, alternative approaches (where the traditional JCMA tool was not viable), and extended products beyond Jira and Confluence (such as Bitbucket and Zephr).

Why Cloud?

Some users may have reservations about making the move to a new platform, especially those who have not experienced what cloud has to offer, however there are a number of benefits to be acknowledged. Moving to cloud means that Atlassian takes on the hosting and management responsibilities, resulting in a reduction in overhead costs relating to Atlassian products. Atlassian Cloud also offers a wide range of new and extended functionalities built into its out-of-the-box solutions (see table below), and there is an expansive and valuable marketplace of add-ons.

What to do next…

With this imminent end-of-support date, and the knowledge that migrating to cloud may take upwards of 6 months, it is no surprise that Atlassian and Atlassian partners are recommending cloud migrations for all Atlassian on-premises products be carried out as soon as possible, especially while Atlassian is offering reduced costings and extended cloud trials.

Atlassian supplies you with the JCMA tooling which can be implemented by your internal IT team, however there are often pitfalls and complications that can arise during migration that can be difficult to navigate without in-depth knowledge.

In addition to this, given the current climate of data security, it is extremely important that all necessary steps are taken to minimise the risk of data loss and exposure of cyber vulnerabilities. Therefore, it’s highly recommended that an Atlassian Solutions partner is engaged in the migration project to ensure a seamless implementation and successful outcome.

If you haven’t yet moved to Atlassian Cloud, JDS is here to assist as a local Atlassian Gold Solutions Partner with invaluable depth of expertise and experience.

Part One: ServiceNow Hyperautomation – Process Optimisation

Improvement Initiatives

As businesses grow, IT processes become increasingly complex and difficult to manage. This is where Process Optimisation comes in, providing a way to evaluate and enhance the performance of your IT processes using data from your systems. In other words, it’s a method of making sure that your IT processes are running as smoothly and efficiently as possible.

One of the key components of Process Optimisation is ‘Improvement Initiatives’, also known as ‘Continuous Improvement’. This approach involves using data-driven insights and best practices to identify opportunities for enhancing the effectiveness and efficiency of your IT service management processes. By continually refining and improving these processes, you can ensure that your organisation is operating at peak performance, and delivering the best possible outcomes for your customers.

Whether you’re looking to get started quickly with API-driven processes or planning for the future with Robotic Process Automation (RPA), the ServiceNow platform can help you achieve your goals. If you’re already using ServiceNow, the leading platform for digital workflows, Process Optimisation and Improvement Initiatives are built right in.
Read on to learn more about ‘Improvement Initiatives’ and explore RPA and API in more detail.

Understanding APIs

In the world of software development, an Application Programming Interface (API) is an essential building block that enables different applications to communicate with each other. APIs are like the ‘bridges’ that connect different software components, allowing them to share data and functionality seamlessly. Without APIs, software applications would have to be built from scratch every time, making the development process much more time-consuming and resource-intensive.

An API typically consists of a set of rules and protocols that govern how software applications should interact with each other. These rules and protocols define the methods that can be used to retrieve, update, or delete data, as well as the format of the data that is exchanged. APIs enable developers to create complex systems that can be easily integrated with other applications.

APIs are used in a variety of settings, from web and mobile applications to enterprise software systems. Many popular web services, such as Google Maps, Twitter, and Facebook, provide APIs that developers can use to access their data and functionality. In addition, many enterprise software systems, such as customer relationship management (CRM) software and enterprise resource planning (ERP) systems, offer APIs that enable developers to integrate their applications with these systems.

APIs are critical components of modern software development, enabling applications to communicate and share data with one another. By providing a standardised way to interact with software systems, APIs simplify the development process and make it easier to create powerful, integrated software solutions.

Understanding RPA

Robotic Process Automation (RPA) is a revolutionary technology that promises to transform the way we work. Essentially, RPA involves using software robots (or bots) to automate repetitive, rule-based tasks that are typically performed by humans. This means that employees can be freed up to focus on higher-value tasks that require creativity, critical thinking, and problem-solving skills.

RPA tools are designed to mimic the actions of a human worker. For example, they can log into applications, copy and paste data between systems, and enter information into forms. By automating these tasks, RPA can help organisations to improve efficiency, reduce costs, and increase accuracy.

One of the key benefits of RPA is that it can be used to automate a wide range of processes across different departments and industries. For example, RPA can be used to automate invoice processing in finance, customer service inquiries in retail, and claims processing in insurance.

RPA is an exciting technology that has the potential to revolutionise the way we work. As businesses look to stay competitive in an increasingly digital world, RPA is set to play a key role in driving productivity, reducing costs, and improving customer satisfaction.

API vs RPA: Understanding the Difference

In today’s world of increasing digitalisation, businesses are always looking for ways to improve efficiency and reduce costs. Two technologies that are often mentioned in this context are RPA and API. Both technologies can help businesses automate processes, but they have different approaches and capabilities. It is a common misconception in the IT industry that RPA is only used when API is not available. In fact, RPA and API have their own strengths and limitations.

The key difference between RPA and API is their approach to automation. RPA is focused on automating specific tasks or processes, while API is focused on enabling different systems to work together. RPA is typically used to automate repetitive and manual tasks that are prone to errors, while API is used to integrate systems and data sources and enable real-time communication and data exchange.

RPA and API are two very different technologies that can help businesses automate processes and improve efficiency. Depending on the needs of your business, one or both of these technologies may be useful in achieving your automation goals.

Unify your Hyperautomation Landscape with ServiceNow (Automation Center)

ServiceNow Automation Center is a cutting-edge platform that offers a centralised solution for managing and executing Hyperautomation strategies. By utilising powerful features such as workplace, dashboard, executive dashboard and RPA vendor integration, businesses can streamline their automation landscape, making it easier than ever before to implement a comprehensive automation strategy that can improve efficiency and reduce costs.

One of the key benefits of ServiceNow Automation Center is the ability to integrate disparate automation solutions across different third-party vendors. This can help to maximise the business impact of automation initiatives, as well as consolidate automation opportunities across the entire enterprise. With ServiceNow Automation Center, businesses can manage the entire automation lifecycle from intake through to execution, providing a holistic view of automation activity across the organisation.

In addition, ServiceNow Automation Center provides a powerful visualisation tool, allowing businesses to view benchmarks for automation business goals and activity in one centralised location. This feature makes it easier to track the progress of automation initiatives and make data-driven decisions to optimise their impact.

ServiceNow Automation Center also provides a comprehensive solution for monitoring and managing robotic process automation (RPA) jobs in CMDB. This means that businesses can keep automation activities active, with full visibility of their status and performance.

ServiceNow Automation Center is a powerful platform that enables businesses to achieve their automation goals through centralised management, seamless integration, and comprehensive automation monitoring and reporting.

Stay tuned for Part Two: Proactive Automation Resilience



Introduction to ServiceNow Hyperautomation

Imagine this…

You’re at work, and suddenly an application you’re using stops working. You’re in a rush and can’t afford to spend hours on the phone with technical support. But what if there was a way to get your problem solved quickly and efficiently, without ever having to speak to a human being?

The ServiceNow Virtual Agent is an AI-driven conversational chatbot that is equipped to efficiently tackle your IT issues. With just a few clicks, you can explain your problem and get instant assistance. Using a combination of ServiceNow Automation Center and Flow Designer, the ServiceNow Virtual Agent will quickly identify the submitted query and proactively initiate a conversation for resolution, without the need for human intervention.

In our initial scenario, the ServiceNow Virtual Agent would have promptly diagnosed the problem and triggered the ServiceNow Automation Center bots to restart the application service through the use of Robotic Process Automation. Simultaneously, a ServiceNow incident ticket is created through the ServiceNow Flow Designer, allowing your IT department to track the issue and ensure it doesn’t happen again. All of this happens in a matter of minutes, ensuring that you can get back to work without any further interruptions, and with minimal human interference.

This is a practical example of Hyperautomation in action.

Automation vs Hyperautomation

Automation has become a buzzword in the world of technology and business, but what exactly does it mean? Simply put, automation refers to the use of technology to perform tasks or processes that would typically be performed manually by humans. This can include everything from using software bots to handle repetitive tasks, to using machine learning algorithms to make decisions based on data.

However, automation is no longer limited to simple, repetitive tasks. With the emergence of advanced technologies such as RPA (Robotic Process Automation), AI (Artificial Intelligence), and ML (Machine Learning), we have entered a new era of automation known as Hyperautomation. Hyperautomation involves using these advanced technologies to automate more complex and sophisticated tasks, such as decision-making, data analysis, and even creative work.

The goal of Hyperautomation is to create a fully automated end-to-end workflow that can deliver business value by improving efficiency, reducing errors, and increasing productivity. By leveraging the power of automation, organizations can streamline their operations, reduce costs, and free up their employees to focus on more strategic tasks.

ServiceNow Hyperautomation

ServiceNow offers a platform that combines several automation technologies, including Robotic Process Automation (RPA) Hub, Process Automation Designer (PAD), Automation Center (AC) and Integration Hub (IH), enabling organisations to automate complex, end-to-end processes.

With ServiceNow Hyperautomation, organisations can improve their overall processes, efficiency and productivity. This is achieved through the use of workflows, bots, and other automation tools that can automate everything from simple, repetitive tasks to more complex decision-making and data analysis processes. ServiceNow Hyperautomation has become an increasingly popular solution for businesses looking to stay competitive in today’s fast-paced, digital world.

Up Next…ServiceNow Hyperautomation: Part One will look at Process Optimisation, API vs RPA


The Importance of Pen Testing Your Cloud Environment

As the uptake of cloud services increases, cybercriminals are more interested than ever in exploiting vulnerabilities to attack cloud services and their customers. If your organisation is using cloud services, it’s important to recognise the shared responsibility model, where the Cloud Service Provider (CSP) and the client share certain responsibilities, including cybersecurity. The CSP, such as AWS, Google Cloud, or Microsoft Azure, is responsible for securing the underlying services, whereas the client is responsible for the security of any cloud services that are configured and deployed. Cloud-focused penetration testing can help your organisation to fulfil that responsibility. So what are the benefits of cloud penetration testing, and how does it differ from a standard pen test?

What exactly is cloud penetration testing?

Cloud penetration testing is a simulated attack where offensive security tests are performed to find exploitable security flaws in the cloud-native infrastructure before cybercriminals do. The primary goal of this form of testing is to assess an organisation’s cybersecurity posture within the cloud environment, prevent avoidable breaches in the system, and remain compliant with industry regulations. 

Effective cloud penetration testing involves more than just leveraging an automated scanner. It also employs human skills to examine those flaws, simulate an attack, and determine how the security vulnerabilities in your cloud network could result in actual data compromise. Cloud penetration testing will help organisations learn about the strengths and weaknesses of their cloud-based architecture, consequently safeguarding the company’s data and intellectual properties, finances, and reputation more effectively. 

What’s the difference between cloud penetration testing and traditional penetration testing? 

Although cloud penetration testing applies the principle of traditional on-premise penetration testing, there is a major difference in regard to the approach and environment of testing. This is due to the fact that services in the Cloud are configured and operate differently than in an on-premise infrastructure. Depending on the type of cloud service and the provider, different manual approaches and cloud penetration testing tools may be used. 

Furthermore, the cloud environment comes from a CSP. These providers have unique and specific guidelines when it comes to conducting a pen test on their cloud service, which you must follow. 

Common security vulnerabilities in the Cloud

Some of the most common vulnerabilities that cloud penetration testing can identify include:

  • Misconfigured accounts, access lists, and buckets: Misconfigurations of accounts, access lists, and data containers are the most common vulnerabilities that can lead to a compromise of cloud security. Overly-permissive accounts or containers will violate the principle of least privilege, and therefore potentially result in data disclosure.   
  • Weak authentication, credentials and identity management: Accounts with weak authentication mechanisms allow the attacker to gain a foothold into the cloud system much more easily. This compromises all of the information that those accounts can access, and if least privilege is not strictly implemented, a deeper compromise is inevitable.
  • Data breaches: Another frequent method to compromise the Cloud is harvesting publicly exposed credentials for cloud accounts. An effective cloud penetration test can assist in identifying sensitive information in publicly available repositories, discover the likely repercussions, and provide advice on how to strengthen that aspect of your security posture.
  • Insecure interface and APIs: The attacker often scrapes the cloud infrastructure to identify any weak links that could help them to gain a foothold in the system. An experienced cloud pen tester will explore and identify those insecure entries before the cybercriminals are able to exploit them. 

Why do you need regular cloud penetration testing? 

As cloud services continue to offer new technologies to encourage businesses to move their workload to the Cloud to achieve agility, time and cost efficiency, attackers are also adjusting to changes in the cloud landscape. Therefore, the security risks associated with cloud-based systems and services are evolving rapidly. This is why cloud pen testing should be conducted more frequently than standard on-premise penetration testing. A skilled penetration tester will provide you with useful guidance on how to fix any security flaws found during the test, allowing you to improve your cloud security moving ahead.

Moving forward with a trusted cloud penetration testing partner

Almost every modern organisation is using cloud services, but the majority lack the tools, methodologies, or experts at hand to conduct a cloud pen test. Partnering with an experienced cloud security provider can bring your cloud platform closer to where it needs to be from a security standpoint.

JDS Security has the experience and expertise to defend your business in the Cloud, with deep and unmatched knowledge of AWS, Azure, and Google Cloud services to help reach your cloud and digital transformation goals securely.

What is the difference between a Vulnerability Scan and a Penetration Test?

Vulnerability Scanning and Penetration Testing are terms that are often interchanged and even confused for the same activity, and while they are similar, they are not the same. So what are the key differences, and how and when should they be carried out?

What is a Vulnerability Scan?

A Vulnerability Scan is performed within your network, systems, services, or applications in the security perimeter concerned. Generally speaking, a Vulnerability Scan is fully automated, providing detailed reports on vulnerabilities found such as out-of-date frameworks and dependencies, publicly known exploits, loopholes, and common configuration issues that could lead to further vulnerabilities.

Typically, these scans are run with tools like Tenable Nessus, Rapid7 Nexpose, and Qualys, among many others, and may be tailored to your requirements.

A Vulnerability Scan is limited to providing a report on raw data and is, for the most part, unable to paint a full picture of where greater issues can arise.

One major difference between using a scanning tool and a human tester is understanding where the pieces of the puzzle can come together, such as chaining low-level vulnerabilities into a high-level critical exploit which may need far more urgent and immediate action than a scan report may suggest.

While often very detailed and including information like CVE details, CVSS scores, and overviews of the vulnerability, etc., there are often false positives presented in even the most finely tuned scans due to the lack of a discerning human eye and experience. Depending on the level of the report, the provided data may still require significant human attention to filter through and further verify, as a scan does not attempt to actively exploit its findings.

What is a Penetration Test?

As suggested by its name, a Penetration Test is a test that attempts to penetrate a system or service from outside of the security perimeter.

A Penetration Test is handled by a human penetration tester and aided by the many tools and techniques available to them, to identify and further exploit any vulnerabilities found on the subject of the test.

Having a human rather than an automated tool may be slower and more expensive on a per-engagement basis, but can provide more accurate results limiting false positives, and providing proof of concept exploitation, experience-driven vulnerability overviews, exploit pivoting, and quality remediation advice with the context of your system or service in mind.

Another advantage of a Penetration Test over a Vulnerability Scan is the ability to research on the fly, find unknown exploits including Zero Days, and find vulnerabilities that may not have been added to the vulnerability scanner’s library yet.

What and When?

While it may seem that a Penetration Test is the best overall service to take due to its accuracy, there is a time and a place for both services, and they can even work hand in hand.

Where security is concerned, both services are valid but are not providing the complete picture when they are used separately.

Due to the automated nature of a vulnerability scanning tool, it can be set to scan at specified intervals to report changes between two or more points in time, providing a real-time surface view of your systems, network, or other services, and generating a human-friendly report, all whilst running hands-off in the background.

A penetration tester can interpret reports provided by a vulnerability scan and this can supplement a penetration test itself, in many cases helping the human tester speed up the overall engagement by targeting identified points of vulnerability rather than having to manually find them.

Both a Vulnerability Scan and a Penetration Test have their strengths and weaknesses and typically speaking, one’s strength covers the weakness of the other.

It isn’t uncommon for an organization to have a vulnerability scanner conducting day-to-day scans of systems and networks, and periodically have a human penetration tester validate and carry out further tests based on the outputs provided by the scanner. When used together in this way, you can achieve the highest level of security assurance for your organisation.

Fortifying Defense with Offense

Detecting and defending against incoming attacks is a key component of a strong blue team, and SIEM capabilities are an important part of the technology stack to achieve this. But, with rapidly evolving cyber threats, it is important to adapt and innovate to stay ahead. Joint activities between red and blue teams, known as purple teaming, allow for easy knowledge sharing and collaboration to enhance defensive capabilities.

Is ‘red teaming’ the same as penetration testing?

Penetration testing is something a red team will do, but the goal of a penetration test is to find as many vulnerabilities as possible, while a red team attack simulation will try to breach the system, access, and exploit as much as possible without being detected. This kind of activity can often include attack points that wouldn’t usually be part of a penetration test, such as social engineering, but are still important for a blue team to detect and prevent.

So, what is ‘purple teaming’?

Purple team exercises have the red and blue teams working closely together, usually in a more focused engagement to provide continuous feedback and knowledge sharing between them. The red team will attempt to exploit vulnerabilities and challenge the blue team’s detection techniques using tools and tactics that are current and used by real-world adversaries. The feedback provided back to the blue team allows them to improve their SIEM capabilities by plugging gaps in detection and enhancing automated and manual response techniques. These activities can highlight additional improvements in overall security posture, training plans and help give organisations insight into future security strategies.

Purple team engagements can have varying timelines, from shorter, more focused engagements to longer-term engagements where the red team simulates an advanced persistent threat (APT). Regardless of scope, what is important is that the teams are collaborating and working towards the same goal. Generally, the red and blue teams working within an organisation are fairly separate and siloed. Purple teaming gets these teams working together in a more collaborative nature to enhance security capabilities by providing realistic simulations, without impacting budget. Purple team activities can often save an organisation money, as blue teams are able to improve SIEM capabilities more effectively and efficiently than if they were trying to do it on their own.

Overall, these activities can help enhance an organisation’s security posture by opening lines of communication and breaking down barriers, nurturing a more collaborative and integrated culture. Knowledge sharing boosts SIEM capabilities, improving proactivity by closing detection gaps and enhancing automation, which can improve threat hunting and incident response, making security improvements faster and more efficient. Additionally, it allows for more forward-thinking security strategies and long term improvements.

Top Five Actions to Improve Your Cyber Security Posture

The current state of Australian security breaches has thrown organisations into chaos and disarray. Australia is currently 5th in the World for cybercrime density, and 11th in the World for the average cost of a data breach ($4.5m). However, most of these breaches could have been avoided had basic cyber security hygiene been implemented.

If implemented correctly, the five items detailed below will give your organisation a fighting chance when, not if, attackers attempt to breach your networks and applications.

1) Know Your Attack Surface

You can’t defend what you don’t know exists! Before you can start defending and monitoring your networks, applications and staff, you must first identify all the assets and areas of risk that make up your overall attack surface. Ensure that you undertake daily discovery scans and conduct a gap analysis of newly discovered assets.

Additionally, it is important to ensure that your asset management system is updated regularly, all newly identified assets are added to your vulnerability management program, and those security assessments are carried out routinely.

It should go without saying that these activities should be undertaken against your Internet-facing and internal, corporate assets.
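
The gap analysis described in this section can be sketched as a comparison of three lists: what the daily discovery scan saw, what the asset management system records, and what the vulnerability management program actually scans. This is an added example, not part of the original article; the host names, addresses and record layout are constructed, and "internal" is assumed here to mean an RFC 1918 address.

```python
import ipaddress

# Assumption for this example: RFC 1918 ranges count as internal,
# every other address is treated as internet-facing.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data (not from the original article).
DISCOVERED = [                      # output of today's discovery scan
    {"host": "WEB01.example.com.", "ip": "203.0.113.10"},
    {"host": "vpn.example.com", "ip": "203.0.113.20"},
    {"host": "test-api.example.com", "ip": "203.0.113.77"},
    {"host": "printer-3f.corp.example", "ip": "10.20.3.15"},
    {"host": "db01.corp.example", "ip": "10.20.1.5"},
]
INVENTORY = ["web01.example.com", "vpn.example.com",
             "db01.corp.example", "old-crm.corp.example"]
VM_SCOPE = ["web01.example.com", "db01.corp.example", "old-crm.corp.example"]


def normalise(host):
    """Compare host names case-insensitively and without a trailing dot."""
    return host.strip().rstrip(".").lower()


def exposure(ip):
    """Label an address as internal or internet-facing."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in INTERNAL_NETS):
        return "internal"
    return "internet-facing"


def gap_analysis(discovered, inventory, vm_scope):
    """Compare a discovery scan with the asset inventory and scanning scope.

    Returns a dict with:
      unknown   - seen on the network but missing from the inventory
      unscanned - seen on the network but not covered by vulnerability scans
      not_seen  - recorded in the inventory but absent from today's scan
    Internet-facing assets are listed first in unknown and unscanned.
    """
    inv = {normalise(h) for h in inventory}
    scope = {normalise(h) for h in vm_scope}
    seen = {normalise(r["host"]): exposure(r["ip"]) for r in discovered}

    def prioritised(hosts):
        # False sorts before True, so internet-facing hosts come first.
        ordered = sorted(hosts, key=lambda h: (seen[h] != "internet-facing", h))
        return [(h, seen[h]) for h in ordered]

    return {
        "unknown": prioritised(h for h in seen if h not in inv),
        "unscanned": prioritised(h for h in seen if h not in scope),
        "not_seen": sorted(inv - set(seen)),
    }


if __name__ == "__main__":
    report = gap_analysis(DISCOVERED, INVENTORY, VM_SCOPE)
    for category, items in report.items():
        print(category)
        for item in items:
            print("   ", item)
```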

2) Secure the Network Perimeter AND the Perimeter Endpoints

The saying “the endpoint is the perimeter” has become a marshalling slogan in recent times. Unfortunately, it is quite true.

Gone are the days when the network firewall was the only point of focus for security controls. Client-side attacks are often used to circumvent perimeter controls by targeting end users directly. Endpoint Detection and Response (EDR) security controls are now a ‘must-have’ to defend against these attacks.

On the flip side, attackers continue to relentlessly target web applications and cloud platforms. Next-Generation Firewalls (NGFW) and Web Application Firewalls (WAF) are great security controls to better secure your network perimeter.

It is critical to ensure that your Internet-facing systems are security hardened! This includes implementing Multi-Factor Authentication (MFA) and a SIEM (Security Information and Event Management) to keep a watchful eye over all of your infrastructure systems and applications.

3) Perform Routine and Comprehensive Security Tests

Penetration testing has become a multi-billion-dollar industry. However, most “penetration tests” are nothing more than vulnerability scans in sheep’s clothing. It is important to implement a multi-level security testing program to provide the best insight into the security risks affecting your systems. This includes:

  • Daily Vulnerability Scanning.
  • Monthly Social Engineering (Phishing) Campaigns.
  • Quarterly Penetration Testing against your networks, applications, and cloud platforms.
  • Yearly Red and Purple Team assessments.

However, this should only be the beginning. Ensure that you have implemented a robust vulnerability management program so that all findings from these engagements are being addressed and remediated promptly.

At a minimum, vulnerability scanning and routine penetration testing should be performed, even if you’re on a budget. Oh, and don’t forget to rotate your service provider for these engagements.

Complacency is a killer!

4) Develop and drill your incident response capabilities

“Everybody has a plan until they get punched in the mouth.” – Mike Tyson

All Incident Response (IR) capabilities should be routinely refined and tested to maintain their effectiveness, in the same way as sharpening a sword. This approach is critical to putting an organisation in the best possible position to combat the next attack threatening the business. This can be best broken down into three pillars: people, process, and technology.

  • People need to be appropriately trained.
  • Processes need to be in place and routinely tested (including policies and IR playbooks).
  • Technology needs to be deployed to ensure the best systems are in place to respond and defend against cyber attacks.

All three pillars should be reviewed and updated every six months to ensure they are still relevant to the business context and aligned with industry-standard best practices. A fantastic way of simulating an incident to exercise your Incident Response capabilities is to routinely undertake Purple Teaming assessments. After all, how do you know your sword is sharp unless you use it?

5) Train your Army

An untrained army will lose every battle, every time. Cybersecurity training is often seen as an expenditure as opposed to an asset. A well-trained Blue Team can save an organisation millions of dollars when a security breach occurs.

Cybersecurity training should always be approached from multiple angles.

  • Technical training for all IT Staff, including engineers and analysts.
  • Cyber security awareness training for all staff.
  • Specific awareness training for high-value targets such as CEOs and CFOs.

Remember that while cyber security training is important, it is just as important to put the training to the test by performing in-house drills. There are several budget-friendly alternatives to the big service providers, which can include web-based training providers or even implementing a train-the-trainer style approach. Now, go drill, drill, drill, soldier!

Although the five points above do not account for every approach you can take to harden your company’s security posture, they are a great starting point to ensure you don’t become the next news headline.

Manual Security Testing vs Automated Scanning?

The art of penetration testing has evolved over the years. What began with testing arrows on armour has now become testing tools and techniques on systems and applications. Without a doubt, we are still mostly using manually driven techniques; however, this can be slow, cumbersome, and subject to the human element, which can result in faults and missed opportunities.

Over the last decade or so, tools to aid and automate security testing have rapidly entered the fray and are increasingly taking the burden off some of the more time-intensive tasks in the cyber security sphere, such as scanning, brute-forcing, or even full-fledged attacks commanded with single line commands. Tools such as BurpSuite, Nmap, SQLMap, Metasploit, and Nessus, among many others, have certainly sped up the discovery and exploitation of vulnerabilities, allowing more in-depth testing within often limited test windows.

Looking at the bounty of tools available to us, you may start to wonder why manual testing is required anymore. Here is a quick rundown on some of the benefits and disadvantages of both, and how using both on engagements, big and small, can be greatly beneficial.

Manual Testing – The Old Reliable

Manual testing, simply put, is the act of using little to no automation for tasks. A great example of this would be the manual exploration of a website while data is being captured by BurpSuite, where the tester can manually analyse the headers and requests as its own task later, rather than immediately after every click.

Manual testing also extends to the exploitation stage of an engagement, where the tester may need to utilise very specific commands or customised scripts to achieve the desired result.

While manual testing can be very meticulous, and provide a detailed and deep understanding of the subject of the test, it can be very time-consuming, possibly taking days longer than an automation-driven test. There are some vulnerabilities that just simply can’t be automated entirely, or are very prone to false positives if automated, and therefore will require further investigation, possibly using more time than if done entirely manually from the beginning.

Some examples of vulnerabilities that require manual testing to correctly identify and safely exploit are:

  • Social Engineering
  • Access Control Violations
  • Password Spraying and Credential Stuffing Attacks
  • SQL Injection
  • Cross-Site Request Forgery (CSRF)

Another advantage of manual testing over automation is the ability to find, and use, newly or not yet discovered zero-day exploits, which can take a significant amount of time to be implemented into commonly used tools.

Automated Testing – The Shiny New Tools

Automated penetration testing is really what is written on the package – it is the process of utilizing automation tools, such as applications, platforms, and scripts, rather than the expertise and efforts of a human tester. It can be significantly cheaper and far more time efficient (which also adds to cost efficiency) than manual testing by one or more human ethical hackers.

Automation tools can perform actions such as content discovery, vulnerability analysis, and brute forcing in a matter of minutes or seconds, where it could take a manual tester hours or days to get the same results. Automated tools, namely scanners, can be left to run in the background while manual testing is also performed, or set to periodically scan for issues, such as Tenable Nessus keeping an eye on things and providing reports at set intervals or upon request.

When it comes to regular penetration testing, companies factor in cost, and it can be rather expensive to hire human penetration testers for regular tests or to employ them in-house, so it can be more cost-effective to have automated tools do the day-to-day, then infrequently have a human run further tests and analysis.

There is no doubt that automation is the way of the future, and will continuously improve; however, there are many tasks that are best suited to manual testing, either due to the simple inability to automate or due to the hassle of false positives (and false negatives).

Another advantage of automation is consistency, both in its actions and results and in the reporting at the end. As the scans and processes run are mostly, if not entirely, hands-off, there is less room for human error or deviation, and the required tasks don’t need a highly trained expert to perform them, which ultimately can save money for the organization. Automation, however, is often unable to fully assess a threat and how it can impact you in the context of your application, platform, infrastructure, network, or organisation as a whole, which is something a sufficiently trained human penetration tester can do, taking further action accordingly. A vulnerability that may be picked up and reported as a low finding by an automation tool could have much more critical consequences when chained with other low, or even informational, vulnerabilities.

So, what’s better? A manual or automated approach?

Simply put, both manual and automated testing methods have their place, and should always be used in penetration tests of all kinds. The level of detail and effectiveness provided by manual testing is unsurpassed, as well as contextual reporting and risk analysis that simply cannot be provided by even the best automation tools on the market. However, where speed and consistency of tasks are concerned, automation wins without question.

Although both methods can provide you with a satisfactory outcome in terms of vulnerability identification, what is best for your organization will come down to what level of detail and quality your organisation requires, the frequency of the tests, and the cost factor.

Ultimately, a combination of both manual and automated testing is the best way to get the highest quality outcome of a penetration test, with the most efficient use of time and money, to bring you a greater assurance of security and peace of mind that your assets are secure from malicious attack.

Have You Considered “Swinging” With Your Pen Testing Provider?

Have you been in a long-term relationship with your existing penetration testing vendor?  

Starting to feel like it’s time to ‘spice things up’ a bit?  

It’s easy to settle into a partnership with a vendor that you’ve got to know; they’ve got to know you, along with the more intimate details of your business and all of the ‘skeletons in your closet’. It takes time to build that level of trust and knowledge of your organisational context.

Recently however, there has been a whole lot of whispering behind hands, and new security best practice guidelines being circulated, which suggests that a good cybersecurity strategy should involve regularly changing or rotating your chosen pen testing vendor.  There are a number of reasons to consider the idea of “swinging” with your current pen testing provider.

You Don’t Know What You’re Missing Out On…

Familiarity breeds complacency.  And complacency deprives people of opportunities and brings growth to a standstill.  

If you’re not trying something new, you will always have reasonable doubts that your current vendor might be missing something when it comes to testing methods, skillsets or risk prioritisation. A different pen tester may have slightly different methodologies which could potentially unmask a previously unidentified vulnerability.   They may also report on vulnerabilities in a different way to what you have got used to – and who knows, you might just prefer it that way.

No Pleasure Endures Unseasoned By Variety…

No two pen testing companies are the same.  They come in differing sizes, they come with differing areas of expertise, differing levels of expertise, differing certifications, knowledge of particular industries, the list goes on.  By rotating partnering companies with varying skills, you can take advantage of each vendor’s proclaimed “specialist knowledge” to hedge your risk, and ensure you have the most appropriate pen tester for every engagement.

Rev Up The Relationship With A Little Healthy Competition

Changing up or rotating your pen testing vendors should not become a cut-throat activity, however there are some positive benefits that come with a little healthy competition.  The incoming testing partner will have the motivation and desire to please, they will be going the extra mile to deliver an improved outcome for you.  This, in turn, may drive a boost of creativity and innovation from your existing vendor, who will want to make sure the sparks are still flying, and you still recognise the value that they bring to the relationship.

As with all good relationships, new and existing, being open and transparent about what you’re looking to get out of the partnership is the key to a successful journey.  

At the end of the day, maximising your security posture is the number one goal, and if that means playing the field to see what else is out there, that may ultimately be the best decision for your organisation.  

It doesn’t mean you have to say “Au Revoir” to your long-term pen testing partner. It could simply be time to introduce a fresh perspective into the equation.  

JDS are keen to get in on the action.

What It Means To Be CREST (Intl) Accredited

Anyone with a computer and an Internet connection can set themselves up as a penetration testing or cyber incident response service provider. These could include irresponsible organisations that do not have in place policies, processes and procedures to ensure quality of service and protection of client-based information. The individuals employed by these companies may have no demonstrable skill, knowledge or competence in the provision of security testing.

CREST is an International not-for-profit accreditation and certification body that represents and supports the technical information security market. CREST requires a rigorous assessment of business processes, data security and security testing framework to demonstrate a level of assurance that the information security methodologies used can competently and securely provide customers with a robust assessment of their cyber security posture.

As a result, CREST only provides accreditation to highly trusted professional services organisations, and their employees who provide the often sensitive and high-risk penetration testing, cyber incident response, threat intelligence and security operations centre services.

All CREST accredited member companies are required to submit policies, processes and procedures relating to their service provision to provide added assurance for the buying community.  These policies, processes and procedures include:

  • References for certified individuals
  • Assignment preparation and scope processes
  • Assignment execution processes
  • Technical methodology
  • Reporting templates
  • Data storage and Information Sharing policies
  • Post technical delivery methodologies
  • Asset/Information/Document storage, retention and destruction processes

The buying community needs to be in a position where it can procure services from a trusted company with access to demonstrably professional technical security staff.  CREST provides the buying community with a clear indication of the quality of the organisation and the technical capability of staff they employ.

JDS is a proud CREST (Intl) accredited member company who can confidently provide our customers the added reassurance that our services meet the highest professional and security standards.

Five Reasons Why Your Organisation Should Be Penetration Testing

Modern businesses require an advanced approach to security and due diligence.  Having anti-virus software and a firewall is no longer an efficient strategy to prevent highly sophisticated security attacks which can result in irreversible damage to your organisation.

A professional penetration testing service is the best way to identify the strengths, weaknesses and holes in your defences.  Read on to uncover the five best reasons why your organisation needs penetration testing.

1. Protect Your Organisation From Cyber Attacks

Reports of cyber crime within Australia have increased nearly 15% each year since 2019, with the average reported financial loss per successful cybercrime incident being $50,673. Regardless of your organisational size or sector, cyber criminals view every business as a potentially exploitable prospect. The internet is continuously being scanned in search of vulnerable systems.  Carrying out penetration tests will enable you to identify vulnerabilities that are most likely to be exploited, determine what the potential impact could be, and enable you to implement measures to mitigate or eliminate the threat.     

2. Identify and Prioritise Vulnerabilities

Put simply, a pen test will uncover all of the potential threats and vulnerabilities that could damage your organisation’s IT assets.  The resulting report prioritises these vulnerabilities from low to critical, and further categorises them by likelihood and impact.  This gives your team a clear picture of your security posture, and the opportunity to mitigate the greatest threats first before moving on to less risky ones.

3. Stay Compliant With Security Standards and Regulations

Regular penetration testing can help you to comply with security standards and regulations such as ISO 27001 and PCI.  These standards require company managers and system owners to conduct regular penetration tests and security audits to demonstrate ongoing due diligence and maintenance of required security controls. Not only does pen testing identify potential vulnerabilities, ensuring that you are protecting your customers and assets, but it also helps to avoid costly fines and fees connected with non-compliance. 

4. Reduce Financial Losses and Downtime

Recent studies have reported that the average financial impact of a major data breach in Australia is around $3.7 million per incident. This takes into account expenditures on customer data protection programs, regulatory fines, and loss of revenue due to business operability. System downtime is incredibly costly: the longer your system is down, the more exorbitant the cost. A penetration test is a proactive solution to highlight and fix your system’s most critical vulnerabilities, and ensure your team are ready to act if your systems were to go down unexpectedly.

5. Protect Your Reputation and Company Loyalty

Consumers are extremely quick to lose trust in companies and brands, and all it takes is one security breach or data leak to tarnish your reputation.  Customers and partners of your organisation want to know that their private data is safe in your hands, so it is in your best interest to be aware of any vulnerabilities which may put the company’s reputation and reliability in jeopardy.  

This is just a handful of reasons why organisations should carry out regular penetration tests, but there are many more.  Connect with JDS to discuss your pen testing needs and get a full scope of work customised to your requirements.