In a time when cybersecurity threats are on a sharp rise and the good guys seem to be on the back foot, cybersecurity firm Bitdefender is offering a way for businesses to get a leg up: a new cyber defence initiative called Bitdefender Offensive Services, aimed at proactively helping businesses uncover and address security vulnerabilities.
This move comes in response to data from BitDefender’s own 2023 Cybersecurity Assessment Report that suggests over half of all businesses experienced a data breach within the last year.
In the report, software vulnerabilities and zero-day threats stood out as the biggest concerns. With sophisticated cyberattacks happening every day, it’s more important than ever for businesses to find ways to withstand them. This latest offering from Bitdefender forms part of its Managed Detection and Response (MDR) capabilities, a Security-as-a-Service solution that companies can rely on to protect their infrastructure.
Offensive Services: Proactive Protection
Bitdefender Offensive Services isn’t just another weapon in BitDefender’s cybersecurity arsenal, however; it’s a completely new product that companies can call on to proactively test their existing security, identify problems, and close any security holes that are uncovered. It allows companies to go on the offensive rather than just sitting back and waiting to be attacked, in other words.
Offensive Services tests absolutely everything, covering all IT infrastructure – on-premises, cloud, and hybrid cloud – to provide a picture of the business’s security posture that’s as accurate as possible, and then provides advice on how to improve it.
With Offensive Services, BitDefender is really punting support for what’s known as the Continuous Threat Exposure Management (CTEM) methodology, which employs controlled, simulated attacks to identify and tackle potential vulnerabilities before they’re exploited in the real world.
Industry analysts have long emphasised the need for a proactive approach to cybersecurity, and a recent report by Gartner, which showcased the top technology trends for 2024, underscores this sentiment: their findings suggest that businesses adopting a CTEM-focused strategy could see a reduction in breaches by a whopping 67% by 2026. That’s certainly not insignificant.
So, what exactly does Bitdefender Offensive Services entail?
Penetration Testing
This bespoke service conducts vulnerability assessments followed by simulated cyberattacks, testing the strength and resilience of the business’s cyber defences. After the evaluation, businesses receive a comprehensive report detailing their security vulnerabilities that also provides actionable recommendations to follow that will shore up the holes that were found.
Red Teaming
The red teaming service goes beyond merely assessing the business’s situation; it offers a simulation of real-world cyber threats to test its cyber resilience further. This exercise results in practical knowledge of just how effective (or ineffective) the business’s current cybersecurity capabilities are.
What’s particularly notable about this service is its use of the MITRE ATT&CK Framework’s Techniques, Tactics, and Procedures (TTPs). Sticking to this framework ensures that the simulated threats accurately mirror the way real-life cyber adversaries operate and encompasses tactics such as social engineering, malware deployment, and more.
A Significant Enhancement
Commenting on the launch of Bitdefender Offensive Services, Andrei Florescu, SVP, Products and Engineering at Bitdefender, stressed the urgency of proactive cybersecurity measures. He highlights how the new services are not just an addition but a significant enhancement to BitDefender’s existing MDR capabilities.
“With cyber threats continually evolving, businesses need to be one step ahead. Our new services offer them a straightforward approach to improve security posture, backed by a highly skilled team of experts,” Florescu said.
Taking an Honest Look
By proactively testing their own defences and taking an honest look at their cybersecurity strategy and current capabilities, businesses can close the gap between where they are and where they need to be.
Our advice? If you were one of the many businesses to experience a data breach in the last 12 months, or you’re just worried about your current security posture, talking to your IT people is the best place to start plugging any holes you have. See what they think about “red-teaming”, ask them for their opinions on the best way to boost your infrastructure’s digital defences, and go from there.