Thinking like these cybercriminals is the first step to protecting your environment, he said. “In cybersecurity, the only perspective that matters is the attacker’s perspective. What does your environment look like through the eyes of the attacker, and how do you use that perspective to fix problems that matter?”
What’s New for Penetration Testing?
Because the cybercriminals are armed with AI, businesses need solutions of the same caliber to defend their environments.
“We need to use AI and automation first, fast and for defense,” Bickley said.
“The whole goal here is that offense drives defense,” Antani noted. “Offense helps make sure you’re facing problems that matter.”
AI helps organizations defend their environments at scale, matching the speed and efficiencies of threat actors, even when IT departments are comparatively stretched thin.
The penetration testing process previously took a long time: IT first needed to get the expenditure approved, then work with a team of security experts who poked and prodded the business’s network defenses.
When organizations used Horizon3.ai’s NodeZero platform, Antani noticed “a shift toward continuously assessing your environment, fixing problems that actually mattered, and quickly running a retest to verify that you’re good to go.”
However, finding the problems that actually mattered and — more specifically — “deciding what not to fix” were always challenges, Antani said.
AI offers solutions for that too.
Weighing a pen test’s value by its ability to find problems is a legacy way of thinking, Antani told Black Hat USA attendees. “The goal of the pen test is to fix problems that matter,” he said.
An automated pen test can make these identifications as part of its assessment. “Now, suddenly, what’s exploitable is what you’re going to go off and prioritize,” Antani said.