While an attacker only needs to be right once, security teams must be right every time. That’s why SOC teams must stop ransomware attackers from exploiting AD weaknesses.

Operating in shifts around the clock, Security Operations Center teams strive to prevent, detect and respond to cybersecurity threats and incidents. But in an evolving threat landscape where bad actors relentlessly attack critical assets such as Active Directory, security analysts find that traditional SIEM (Security Information and Event Management) solutions fall short. Consider major ransomware operators such as LockBit 2.0, Conti, and BlackMatter—they all used AD to introduce or propagate malware.

SOC teams rely on SIEM solutions to aggregate and correlate log and other data from assets across an organization’s IT infrastructure, including AD. While the SIEM is a powerful solution to monitor the network infrastructure in general, it was never designed for the specifics of AD security. 

Key challenges faced by SOC teams include:

False positives: Analysts in the SOC struggle dealing with the myriad alerts generated by SIEM solutions, and pinpointing the few truly critical events. As a result, SOC teams spend too much time assessing countless false alarms, which impacts their ability to address real threats effectively. 

Difficulty preventing backdoor creation: Recent ransomware attacks reveal that hackers increasingly understand they can easily gain unrestricted access to a victim’s AD environment by exploiting misconfigurations and creating backdoors. Combating this threat requires capabilities that go beyond what a SIEM has to offer.

Adding the intelligence piece to SIEM

How can SOC teams gain more visibility into AD so they can better detect threats that fall through the cracks of a traditional SIEM? 

An AD-specific solution such as Tenable.ad does not just fill the gaps of a traditional SIEM but actually integrates with SIEMs to improve AD security and increase SOC efficiency, enhancing the organization’s cybersecurity posture. Tenable.ad adds the “AD intelligence” piece to your SIEM, eliminating false positives and zeroing-in on the critical vulnerabilities that must be addressed right away. With Tenable.ad, SOC teams boost their productivity and efficiency, and strengthen the security of their AD environments.

Read our white paper Must-Have #1: Make Your SOC Identity-Aware and you’ll learn:

Why SOC teams struggle to monitor Active Directory and to detect live attacks with generic SIEMs
How SOC teams can fill the gaps of their SIEM using an AD-specific solution
How Tenable.ad acts as a pre-SIEM solution to bolster security defenses and boost SOC efficiency

Download the white paper!

Read More

An investigation found Zuckerberg had lax oversight of users and created misleading privacy agreements

Read More

DCMS announce 14 finalists of the UK’s Most Innovative Cyber SME Competition

Read More

A practical approach to understanding shift left security and how shifting security left can help teams achieve DevSecOps success. 

As a critical part of DevSecOps, shifting left has become a key aspect of the modern software development process. Traditionally, security was applied at the end of the software development lifecycle (the right side) and treated as an afterthought. As a result, the security checks and tests would often miss flaws in the code, such as vulnerabilities and misconfigurations, while also slowing down the software release process.

Now, to address these issues, CISOs and security leaders are implementing shift left security, enabling DevOps teams to scale faster while detecting and minimizing risks early on. With a shift left approach, security is applied proactively and early in the DevOps cycle, reducing the time and cost of software development and boosting application’s cyber hygiene, while facilitating CI/CD (continuous integration / continuous deployment.)

It requires a holistic approach to security, one that embraces cultural change and fosters collaboration among development, operation and security teams. By shifting left, organizations are putting security at the forefront of their business strategy and can therefore improve their overall security posture. 

Here, we’ll take a practical approach to understanding shift left security and why it’s a game-changer for DevOps.

What is shift left security? 

Over the last decade, the term “shifting left” has grown in popularity, becoming a buzzword in its own right among the DevOps community. But what exactly does it mean?  

Coined by Larry Smith in 2001, shifting left is an “approach used to speed software testing and facilitate development by moving the testing process to an earlier point in the development lifecycle. Shifting left is a reference to moving testing to the left on a timeline,” according to TechTarget. 

The concept of shifting left is all about prevention. It urges DevOps and security teams to be proactive rather than reactive, thus shifting the focus from a reactive state to a proactive one. Shifting left is an agile practice that offers early visibility into development issues, bugs and errors so that they can be addressed and resolved earlier rather than later. 

Traditionally, DevOps teams centered their efforts on agile development, pushing out products and releasing new features to get them to the market faster, but often without taking security into consideration, resulting in release delays, misconfigurations, undetected vulnerabilities and compliance violations. 

However, the concept of shifting left was introduced to combat the issue of “security as an afterthought,” by applying security earlier in the development pipeline rather than at the end. Therefore, with security applied earlier on, DevOps teams can remain agile while simultaneously boosting their organization’s security. 

Shifting left with DevSecOps

Shifting security left starts with DevSecOps. It requires organizations to embrace the DevSecOps culture, creating an environment where development, operations and security teams can thrive and work together to ensure that security remains the top priority. 

Traditionally, development and security teams operated independently of one another, working in silos to achieve business goals. Developers were responsible for writing code while security was responsible for identifying and eliminating vulnerabilities and risks. Consequently, this resulted in a disconnect between DevOps and security. DevOps viewed security as a hindrance to their ability to work at their desired speed, while security viewed DevOps as apathetic and unwilling to adhere to security guidelines and regulations. Therefore, a solution was needed that bridged the gap between DevOps and security, and the concept of DevSecOps was born. 

Now, CISOs and security leaders are implementing a DevSecOps approach in their organizations to ensure that all team members are sharing the responsibility for security. A collaborative culture is key for organizations transitioning into DevSecOps. Additionally, DevSecOps enables security to become an ongoing conversation, helping to establish a strong security culture within the organization. With security now seen as a “shared responsibility” rather than just the onus of the security team, organizations can implement shifting left as a part of their security strategy. By involving DevOps teams in security, teams can ensure that any security concerns are addressed while applications are being developed rather than after they are deployed. 

Best Practices for shifting left 

The hardest part of shifting left is related to culture and collaboration, but there are a few best practices that DevSecOps teams can implement to shift left successfully: 

1. Adopt a test-driven development approach 

Test-driven development is centered on shift left testing in the coding phase. It if focused on improving the quality of the code that developers are writing while creating unit tests. TDD addresses the intent or the “why” behind the code being written. With TDD, the quality of the code is enhanced and tested frequently to ensure that the code being written is executed successfully. Developers can write tests for the codes that they’re developing while thinking of various scenarios and solutions to help prevent bugs and other security issues from being developed in the code and discovered in the later stages of the development lifecycle. 

Implementing TDD can help DevOps team shift left better by enabling them to produce high-quality code at a faster rate and with fewer bugs and vulnerabilities. By adopting a TDD approach, teams can receive feedback to identify, eliminate and remediate issues early, therefore boosting the overall quality of the code and helping them focus on continuous integration and delivery.  

2.  Embrace test automation 

Test automation is key to supporting DevOps teams working in agile environments. It enables DevOps teams to create a robust testing environment where tests can be run quickly and effectively while providing feedback on security issues, bugs, vulnerabilities and the quality of the code. By embracing test automation, security can be strengthened as it removes the need for “human interaction,” and it ensures that policies are enforced and maintained. Automation enables continuous integration and delivery by implementing automated unit tests into the pipeline. 

As explained in Tenable’s white paper “How to Use Auto-Remediation to Achieve DevSecOps,” automation is key to “reducing the manual workload of any process and is one of the reasons CSPM tools have found success.” For example, CSPM tools enable enterprises to proactively identify and eliminate any issues, such as misconfigurations and other vulnerabilities, by continuously monitoring security risks across the entire lifecycle. It works to provide unified visibility into cloud workloads to prevent cybercriminals from committing attacks. CSPM continuously scans and assesses cloud environments, surfacing potential threats ensuring adherence to compliance policies and reducing drift. However, if drift does occur, actions can be taken automatically to remediate it through automation. With that being said, it’s important for DevOps teams to have the right test automation tools in place such as CSPM and other security tools to help teams remain agile and reduce time to market. 

3. Find the right security tools 

Security practices, concepts and tools such as automation, security as code and infrastructure as code can be applied when shifting left. These reduce human errors and mitigate risks as security tests and audits are run to make sure that code is secure and that applications are performing as they should be. Through automation and defining security in the code and infrastructure, teams can identify any potential flaws and issues that may interrupt their release schedule for different products and features. Not only will this save organizations time and money, but it’ll also boost the organization’s security efforts leading them to develop a strong security culture. 

While shifting left, be sure to provide DevOps teams with the right DevSecOps tools so that they can look for any opportunities for improvements. Tools such as Static Application Security Testing Tool (SAST), Dynamic Application Security Testing Tools (DAST) and the Software Composition Analysis Tools are “developer-friendly” and can help developers write more secure code. With security built directly into the CI/CD pipeline, the quality of applications significantly increases and can accelerate DevOps. 

Shifting left with DevSecOps is the right approach and provides numerous benefits for the organization. 

Benefits of shifting left 

There’s a wealth of benefits that shifting left offers: 

1. Increased agility 

Perhaps the most significant benefit of shifting left is its ability to increase business agility and efficiency among the development, operations and security teams. By shifting left, vulnerabilities and other security flaws can be detected and remediated early on, reducing issues during the final stages of development and enabling teams to go to market faster. 

2. Reduced costs 

Shifting security left can significantly reduce costs by reducing the number of security issues that are detected after the software has been deployed in production, a stage at which remediation is much costlier and disruptive. The time and money that it takes to remediate those issues in production impacts DevOps teams’ ability to be agile and fast. 

3. Minimize risks 

A shift left approach increases the quality and security hygiene of code, yielding applications that have fewer vulnerabilities, malware, misconfigurations and other flaws. As a result, applications in production are at a lower risk for breaches. 

4. Build a security culture 

Shifting left can help organizations establish a strong security culture. Shifting left provides a wealth of opportunities for DevSecOps teams to put security at the forefront and take a holistic approach to security. This promotes strong collaboration among DevOps and security teams and provides plenty of opportunities for areas of improvement. A strong security culture is key to organizational success — and shifting left forces teams to take a more proactive approach to security. 

Learn More 

Read this blog: 3 Ways Security Leaders Can Work With DevOps to Build a Culture of Security 
Download the whitepaper: Using Auto-Remediation To Achieve DevSecOps 
To learn more about our capabilities, visit the Tenable.cs Product Page  

Read More