The US government’s Cyber Defense Agency is recommending for the first time that companies use automated continuous testing to protect against long-standing Internet threats. From the report: Guidance from a group of U.S. and international agencies released Wednesday urges businesses to strengthen their defenses by constantly reviewing their security program against known threats, rather than taking a more piecemeal approach. “The authoring agencies recommend that you continually test your security program at scale,” the Cybersecurity and Infrastructure Security Agency and a number of other US and international agencies said in a warning. The alert warned that attackers allegedly linked to the Iranian government’s Islamic Revolutionary Guard Corps were exploiting known vulnerabilities for ransom operations. A CISA spokesman told Bloomberg ahead of the announcement that emulating adversaries and testing against them is key to defending against cyberattacks. Central to this effort is a freely available list of the most common cyberattack tactics and procedures, which was first published in 2015 by MITRE, a federally funded research and development center, and is now regularly updated. While many organizations and their security contractors already refer to this list, too few are testing whether their systems can actually detect and overcome them, a CISA spokesperson said.
The US Cyber Defense Agency is urging companies to automate threat testing
