Hackers are fast, be faster

Company: Cox Enterprises Inc Revenue: $19.2 Billion Employees: 50,000

Cyber attacks against the media and telecommunications industry are on the rise. No one knows this better than Cox Enterprises Inc., the largest private broadband company in America that serves more than 6.5 million homes and businesses. They also operate across media sectors (and recently acquired Axios to expand their activities in this space further).

One problem with having such a large footprint is identifying all the exposures attackers could exploit and determining the ones that pose the biggest risk and should be dealt with quickly.

David McLeod, VP/Chief Information Security Officer at Cox, relies on OccamSec’s Incenter platform for continuous assessment to keep up with exposures that adversaries will seek as a way into the environment. By combining machine learning algorithms and the experience of seasoned professional hackers, Incenter empowers clients to address the ‘deluge’ of technical and security vulnerabilities hidden within corporate network ecosystems. In one project alone, Incenter tested more than 480,000 endpoints whilst providing ongoing tests against a range of critical applications.

Hackers are fast, so you must be faster. Incenter becomes the digital machine learning equivalent of roving guards. Instead of roving a parking lot continuously, they’re roving every bit of my business so that I know my exposures relative to active attackers and can defend myself appropriately.

David McLeod, VP/Chief Information Security

Through the dashboard, verifiable and actionable information provides C level executives the business context and associated risks needed to make decisions. Whilst, at the same time Security engineers fix vulnerabilities in real-time and for real-world benefit.

Traditional pen testing remains a useful tool. How useful it is depends on the organization, its objectives, and its threat landscape. For those operating in frequently targeted sectors point-in-time security testing may not be adequate. For example, Palo Alto’s Unit42 published its 2022 Incident Response Report covering vulnerability and exploitation metrics last year and found that attackers typically start scanning for vulnerable systems 15 minutes after a publicly disclosed vulnerability.

That’s why companies like Cox take a continuous proactive approach to hunt down exposures and preemptively take action. During a recent national election, there were threats of ransomware attacks on radio stations to take control of broadcasts with anticandidate sentiments. Unfortunately, on-air personalities are regular targets. Incenter’s comprehensive approach to vulnerability identification, with intelligence and organizational context, ensures that the attack surface is identified, complex issues identified (via a combination of automated testing and human experts) and remediative action taken before issues can be exploited. All of this happens on an ongoing basis, issues are reported as they are discovered, there is no need to wait for an end of engagement penetration test report.

The platform’s value is that it assists my team in understanding our real-time posture. It simplifies complex informational and intelligent data points into what to work on next and to help my cyber engineers do their jobs.

David McLeod, VP/Chief Information Security

Incenter has identified a range of exposures across the Cox environment, many of which could only be uncovered through combined automated and expert testing. This included complex bypasses for certain security controls and several zero-day vulnerabilities. In all cases remediation guidance was provided, and issues re-tested as required.

With continuous testing via Incenter, clients like McLeod can grow capability without growing tools and staff. As the Incenter platform evolves, more and more security services can be ingested by the platform or even replaced (right now it combines penetration testing, attack surface management, threat intelligence and automated testing) leaving security personnel with a “single source oftruth” on the exposures they need to be most concerned with, the impact they could have on the organization, and how to fix.