In a Multi Cloud World, Black Box, Grey Box and White Box Simulations Designed to Ensure Applications and Services are Fully Protected
By: Reut Hackmon, Chief Security Advisor At Cybrella, Tel Aviv
As the cloud computing revolution has taken off, it is important to remember the major security dangers that come along with it. If an organization is utilizing the cloud for storage and communication, then it is necessary to invest requisite time and money in proper cloud security.
The Financial Times reported on July 19th that spyware being made by the Israeli cyber intelligence company, NSO, will be able to hack the clouds of Google, iCloud, and Facebook if they are able to infect phones via authentication keys. This is concerning as this hack can occur without prompting 2-step verification or a warning email, which many people view as their safety net for their cloud-based world that exists on their smartphones. Since smart phones regularly back-up to the cloud, this is a disconcerting trend, and emphasizes the importance of securing cloud assets.
One highly effective method of cloud security is Cloud Penetration Testing, which is just Advanced Penetration Testing specifically for the cloud. This type of offensive security simulates the most malicious hackers to identify security vulnerabilities within the cloud.
Depending on the amount of information given to pen-testers, cybersecurity teams can carry out black box, grey box or white box simulations.
Just as it sounds, this gradient of testing goes from simulating the average hacker with no internal knowledge to simulating a full internal knowledge hacker with complete access to source code, architectural documentation, and more. Black box simulations are the average hacker, grey box simulations are the intermediary, and white box simulations have full access, each simulation having its own unique advantage.
Black box tests look for vulnerabilities, without the tester having received reference information in advance of the test. Grey box tests simulate an attacker who has had longer term access to a network and is already aware of the greatest assets within the organization. In white box testing, participants have an internal perspective of the system and can be the best choice for calculation tests as they provide the most comprehensive assessment of both internal and external weaknesses.
Cybrella provides black box, grey box, and white box testing depending on the amount of information an organization feels comfortable providing to us. Our highly experienced team is well-versed in the cybersecurity challenges presented by cloud environments, making us proficient ethical hackers.
Rapid advances in technology in Smart Cities are growing in parallel with advancements in Smart Factory and other Industrial IoT (IIoT). What makes them similar? The number of endpoints, for one, as deployments are growing larger and more complex.read more
For better or worse, technology is taking over. And I don’t mean in the obvious “everybody is connected to their smartphone” kind of way. Rather, in a more holistic and invasive way, we are letting technology reach and control every little aspect of our lives.read more
The Industrial Internet Consortium recently announced the publication of the Data Protection Best Practices White Paper, as another collaborative step in establishing data security, privacy and trust enhancements across multiple devices, sensors, gateways, applications, clouds and systems being deployed in industrial settings.read more