For Unbiased Evaluation, Take on Real-World Security Testing
Cyberthreats are becoming increasingly sophisticated, with attackers employing advanced techniques such as zero-day vulnerabilities, ransomware and lateral movement to bypass traditional defenses. Moreover, as infrastructure continues to expand with the addition of remote users, devices, sites, cloud environments and IoT, it’s becoming progressively harder to effectively protect and monitor all attack surfaces.
Converging multiple security functions into a single, cloud-native service, SASE (Secure Access Service Edge) is being hailed as a silver bullet for these challenges. According to Gartner, by the end of this year, half of organizations will have explicit strategies to adopt SASE. With traffic shifting away from enterprise data centers toward branches and edge computing locations, IT leaders need an alternative design for securing users and devices that need ubiquitous access.
But can SASE truly withstand the tactics used by modern adversaries, and are its protection mechanisms capable of defending against AI-fueled threats? Without an honest, unbiased evaluation, it is difficult to know whether any purported solution can withstand the relentless threats posed by modern attackers.
Why Real-World Security Testing Matters
Real-world security testing offers three major benefits:
- Tests real-world performance: Real-world testing evaluates how the platform performs under various conditions, such as novel attacks, complex user behaviors and unpredictable traffic volumes.
- Validates vendor claims: Most security vendors make bold statements about the value of their products. Real-world testing provides objective evidence to validate such claims, thereby ensuring that the solution delivers on its promises.
- Builds confidence: Knowing that the security solution has been rigorously evaluated in real-world scenarios can build confidence among buyers and stakeholders, particularly C-suite executives and security teams.
Putting Our SASE Through Rigorous Testing
With help from an independent analyst firm, we used a breach and attack simulation (BAS) tool, SafeBreach, to test our SASE platform against real-world threats. The testing focused on three areas: perimeter security, internal security (i.e., lateral movement) and data exfiltration (i.e., data outflows). These areas were chosen because they represent critical stages of a cyberattack and are routinely targeted by adversaries:
Perimeter Security: Perimeter is usually the first line of defense against external threats. We used the BAS tool to simulate various attack vectors, such as brute force attempts, exploitation of known vulnerabilities, malware injections and Command & Control communications, to assess the strength of our perimeter defenses. The goal was to determine whether unauthorized actors could gain access to the network.
Internal Security: Once inside a network, attackers often move laterally to escalate privileges and access sensitive data. The testing team mimicked these tactics to evaluate whether SASE could detect and prevent unauthorized lateral movement. This included testing the effectiveness of segmentation, access controls and intrusion detection systems.
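The perimeter and internal-security checks described above rest on the same kind of evidence: authentication events. As an added example that is not part of the original post and not code from SafeBreach or the SASE platform, the following Python script runs two detections over a constructed gateway log: repeated failures from one source against one target in a short window (brute force at the perimeter) and one account succeeding against many distinct internal hosts in a short window (lateral movement). The log format, the thresholds and the windows are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not from the page). Assumed line format:
#   <ISO-8601 timestamp> auth <OK|FAIL> user=<name> src=<ip> dst=<host>
SAMPLE_LOG = """\
2024-03-01T10:00:00Z auth FAIL user=admin src=203.0.113.7 dst=vpn-gw
2024-03-01T10:00:05Z auth FAIL user=admin src=203.0.113.7 dst=vpn-gw
2024-03-01T10:00:10Z auth FAIL user=admin src=203.0.113.7 dst=vpn-gw
2024-03-01T10:00:15Z auth FAIL user=admin src=203.0.113.7 dst=vpn-gw
2024-03-01T10:00:20Z auth FAIL user=admin src=203.0.113.7 dst=vpn-gw
2024-03-01T10:00:25Z auth FAIL user=admin src=203.0.113.7 dst=vpn-gw
2024-03-01T10:00:07Z auth FAIL user=jdoe src=198.51.100.4 dst=vpn-gw
2024-03-01T10:03:00Z auth FAIL user=jdoe src=198.51.100.4 dst=vpn-gw
2024-03-01T10:03:30Z auth OK user=jdoe src=198.51.100.4 dst=vpn-gw
2024-03-01T10:05:00Z auth OK user=jdoe src=10.0.5.21 dst=fs01
2024-03-01T10:05:40Z auth OK user=jdoe src=10.0.5.21 dst=fs02
2024-03-01T10:06:10Z auth OK user=jdoe src=10.0.5.21 dst=dc01
2024-03-01T10:07:00Z auth OK user=jdoe src=10.0.5.21 dst=hr-db
2024-03-01T10:05:10Z auth OK user=asmith src=10.0.5.30 dst=fs01
2024-03-01T10:20:00Z auth OK user=asmith src=10.0.5.30 dst=mail01
2024-03-01T10:21:00Z auth OK user=asmith src=10.0.5.30 dst=fs01
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>OK|FAIL) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+)$"
)


def parse_log(text):
    """Parse the assumed log format into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        events.append(ev)
    return events


def detect_brute_force(events, threshold=5, window=timedelta(seconds=60)):
    """Return (src, dst, peak) for source/target pairs with >= threshold failures
    inside any sliding window; peak is the largest failure count seen in a window."""
    groups = defaultdict(list)
    for ev in events:
        if ev["result"] == "FAIL":
            groups[(ev["src"], ev["dst"])].append(ev["ts"])
    alerts = []
    for (src, dst), stamps in groups.items():
        recent = deque()
        peak = 0
        for ts in sorted(stamps):
            recent.append(ts)
            while ts - recent[0] > window:  # drop failures older than the window
                recent.popleft()
            peak = max(peak, len(recent))
        if peak >= threshold:
            alerts.append((src, dst, peak))
    return alerts


def detect_lateral_movement(events, min_hosts=4, window=timedelta(minutes=10)):
    """Return (user, src, hosts) when one account from one source succeeds against
    >= min_hosts distinct destinations inside a window; one alert per pair."""
    groups = defaultdict(list)
    for ev in events:
        if ev["result"] == "OK":
            groups[(ev["user"], ev["src"])].append(ev)
    alerts = []
    for (user, src), evs in groups.items():
        evs.sort(key=lambda e: e["ts"])
        for i, start in enumerate(evs):
            hosts = {e["dst"] for e in evs[i:] if e["ts"] - start["ts"] <= window}
            if len(hosts) >= min_hosts:
                alerts.append((user, src, sorted(hosts)))
                break
    return alerts


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("brute force:", detect_brute_force(evs))
    print("lateral movement:", detect_lateral_movement(evs))
```

On the sample, the first detector flags 203.0.113.7 against vpn-gw (six failures in 25 seconds) and ignores jdoe's two failures three minutes apart; the second flags jdoe from 10.0.5.21 reaching four hosts in two minutes and ignores asmith, who reaches only two distinct hosts. In a BAS exercise these are exactly the events the simulated brute-force and lateral-movement scenarios generate, so comparing what the platform blocked with what these rules see in the logs distinguishes "prevented" from "merely logged".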
Data Exfiltration: Exfiltration of sensitive data is a primary objective of most cyberattacks. We simulated scenarios where attackers attempted to extract data from the network, testing SASE’s ability to monitor and block suspicious outbound traffic. This included evaluating data loss prevention (DLP) mechanisms and encryption protocols.
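The exfiltration tests above distinguish covert channels from legitimate ones. As an added example, not part of the original post and not SafeBreach or SASE platform code, the following Python script applies two outbound checks to constructed traffic records: a DNS-tunneling heuristic (many queries to one domain whose subdomains are long and high-entropy) and an HTTP upload check that flags bulk uploads to unapproved hosts and, for a sanctioned host, content that contains a Luhn-valid card number. The record format, the allowlist, the thresholds and the naive "last two labels" rule for the registered domain are assumptions; production code would use the public suffix list and see HTTP content only where TLS inspection is in place.

```python
import math
import re
from collections import defaultdict

# Constructed outbound records (not from the page): (source IP, queried name).
DNS_QUERIES = [
    ("10.0.5.21", "www.example.com"),
    ("10.0.5.21", "mail.example.com"),
    ("10.0.5.21", "k3m9x2p7q1z5w8v4b6n0j7h5g8f9d1s3.t.exfil-dns.net"),
    ("10.0.5.21", "p8n2v6b1m4z9x3c7q5w0r2t8y4u6i1o3.t.exfil-dns.net"),
    ("10.0.5.21", "z1x2c3v4b5n6m7a8s9d0f1g2h3j4k5l6.t.exfil-dns.net"),
    ("10.0.5.30", "api.crm-vendor.example"),
]

# Constructed HTTP upload records; "content" stands for the decrypted request body.
HTTP_UPLOADS = [
    {"src": "10.0.5.21", "host": "files.sanctioned-saas.example",
     "bytes_out": 2_048, "content": "Quarterly summary attached."},
    {"src": "10.0.5.21", "host": "paste.anon-host.example",
     "bytes_out": 52_428_800, "content": "<binary archive>"},
    {"src": "10.0.5.30", "host": "files.sanctioned-saas.example",
     "bytes_out": 4_096, "content": "Card on file: 4111 1111 1111 1111 exp 12/27"},
]
ALLOWED_UPLOAD_HOSTS = {"files.sanctioned-saas.example"}  # assumed policy
BULK_UPLOAD_BYTES = 10 * 1024 * 1024                       # assumed threshold
PAN_RE = re.compile(r"\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b")


def shannon_entropy(s):
    """Bits per character of the string's empirical symbol distribution."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Naive split into (registered domain, subdomain without dots); assumption:
    registered domain is the last two labels."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]), "".join(labels[:-2])


def detect_dns_tunneling(queries, min_queries=3, min_len=20, min_entropy=3.0):
    """Return (src, domain, count) for source/domain pairs whose subdomains look
    like encoded payload: enough queries, long labels, high entropy."""
    groups = defaultdict(list)
    for src, qname in queries:
        domain, sub = split_name(qname)
        groups[(src, domain)].append(sub)
    alerts = []
    for (src, domain), subs in groups.items():
        if len(subs) < min_queries:
            continue
        avg_len = sum(len(s) for s in subs) / len(subs)
        avg_ent = sum(shannon_entropy(s) for s in subs) / len(subs)
        if avg_len >= min_len and avg_ent >= min_entropy:
            alerts.append((src, domain, len(subs)))
    return alerts


def luhn_ok(digits):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def detect_http_exfil(records):
    """Return (rule, src, host) hits: bulk upload to an unapproved host, or a
    Luhn-valid card number leaving through any host, sanctioned or not."""
    hits = []
    for r in records:
        if r["host"] not in ALLOWED_UPLOAD_HOSTS and r["bytes_out"] >= BULK_UPLOAD_BYTES:
            hits.append(("bulk_upload_unapproved_host", r["src"], r["host"]))
        for m in PAN_RE.finditer(r["content"]):
            if luhn_ok(re.sub(r"\D", "", m.group())):
                hits.append(("dlp_pan", r["src"], r["host"]))
                break
    return hits


if __name__ == "__main__":
    print("dns tunneling:", detect_dns_tunneling(DNS_QUERIES))
    print("http exfil:", detect_http_exfil(HTTP_UPLOADS))
```

The sample yields one DNS alert for 10.0.5.21 against exfil-dns.net (three queries with 33-character subdomains) while the short www, mail and api labels never reach the length bar, and two HTTP hits: the 50 MB upload to the unapproved paste host, and the card number sent to a sanctioned service, which is the "legitimate channel" case that only a content-aware DLP check catches.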
Results of the Security Testing
Each scenario was run under two conditions, with SASE security controls enabled and with them disabled, so the disabled run serves as the baseline for the enabled run. As with any BAS exercise, the percentages below are relative to the scenarios in the tool's attack library and the configuration under test; they measure coverage of those simulations rather than resistance to every possible attack.
- Perimeter Security: SASE demonstrated strong resistance to external attacks, successfully blocking all brute force attacks, malware transfers and covert malware injections, C&C communications and exploitation attempts on unpatched services. Not surprisingly, when security features were disabled, a negligible number (1%) of simulated external threats were blocked.
- Internal Security: SASE enhanced internal network security by successfully blocking the majority of brute force and remote exploitation attempts. It prevented 98% of lateral movement attempts, demonstrating robust internal defense capabilities. As with perimeter testing, when security features were turned off, only 1% of lateral movements were thwarted.
- Data Exfiltration: SASE significantly strengthened protection against data leaks and exfiltration attempts. With the security controls activated, 99% of simulated exfiltration attempts – either through covert or legitimate channels – were successfully blocked. This marks a substantial improvement over the unprotected scenario, where 98% of exfiltration attempts were successful.
For organizations that are evaluating security controls, independent testing offers an unvarnished assessment of how effectively those controls perform. Fully subjecting security controls to breach and attack simulations can improve security resilience without adding operational costs, support compliance with data protection mandates and boost confidence in thwarting advanced cyberthreats.