By: Brian Contos
By leveraging security instrumentation platforms, you are bringing together red and blue teaming initiatives with greater symbiotic mutualism across three major areas. First, you can validate the efficacy of security controls such as firewalls, WAFs, DLPs, EDRs, and SIEMs. If those controls aren't working as needed, you can leverage perspective analytics to instrument them. Second, you can apply configuration assurance to verify that a change that has been made actually does what's desired. You can also determine if that change negatively impacts other facets of security. Third, you can utilize automated, ongoing checks to ensure that what was working continues working in perpetuity. Should something stop functioning, blocking, detecting, correlating, etc., as needed, alerts will be generated in response to the environmental drift. We need to readjust so that we are focusing on security effectiveness and the efficacy of our security controls. We need to industrialize our approach to red and blue teaming with security instrumentation through automation, environmental drift detection, prescriptive actions, and analytics that enable us to finally and empirically manage, measure, and improve security effectiveness.