The cybersecurity landscape was fast shifting even before Russia invaded Ukraine. There is a possibility the invasion will lead to a flurry of cyberattacks that will put new tools and techniques into the hands of state actors and cybercriminals. For most people trying to secure an infrastructure, your odds are poor.
One way to increase your chances of success is to look at your network as a cyberattacker would. Penetration testing or “pen testing” is a common methodology to identify weaknesses in a system. The systems you want to think about range from router/gateway devices to laptops, desktops, servers, and IoT devices on your network. The fastest path to a cyberattack is typically going to be the weakest device you allow onto your network.
Unfortunately software in general is notoriously insecure. Even router and gateway devices, which should be highly secure, are often riddled with outdated software and dependencies that have known vulnerabilities. Worse, features like uPnP are commonly turn on by default when anyone who has ever read a little bit about security knows you should never enable uPnP.
So without hiring a state of the art pen tester to go poking holes at your network and systems, the options are not great. However, a new-ish company has an amazing solution that could help. Horizon3.ai has an AI-driven penetration test suite it calls NodeZero. It provides a massive configuration of penetration tests that will run in an automated fashion against the devices on your network. It runs a number of known exploits – typically the easiest ones attackers will use to see if you’re a weak or soft target.
These tests will quickly alert you to any obvious holes you may need to fix. Some may be more critical than others and the tool will also help triage which are most critical.
Horizon3.ai also tests for widely exploited vulnerabilities like log4shell/log4j issues.
Getting started is pretty simple. Just set up their docker image on a system on your network, pick a penetration test suite to run and off it goes trying to attack anything it can on your network. Be forewarned: all of your security products that are set to detect intrusion attempts or other nefarious activity will (or should) go crazy while these tests are run. If nothing is alerting you, well … you may want to take another look at your intrusion detection solution.
The tests can take a while – a couple hours on a complex home network. The tests appear to be thorough and even running it on a home network identifies issues that need addressed. Home networks are not typically the ideal target due to the limited spoils of an attack, but this is definitely an interesting solution to run in a SMB/SME corporate environment. Do make sure you get permission before running it though or you’re likely to violate ever security policy written.
Disclosure: I have no affiliation with Horizon3.ai and will not receive any compensation or other benefit for this post.
