Increase driven by increasingly sophisticated cyberattacks as well as increase in mobile-based business-critical applications, according to report.

**CHICAGO****, Aug. 24, 2022 /PRNewswire/** -- Penetration Testing Market size is expected to grow from an estimated value of USD 1.4 billion in 2022 to 2.7 billion USD by 2027, at a Compound Annual Growth Rate (CAGR) of 13.7% from 2022 to 2027, according to a new report by MarketsandMarkets™.

Some of the factors that are driving the market growth include regular penetration testing practices required due to strict regulations and compliances; increasing sophistication of cyberattacks, causing organisations to suffer financial and reputational losses; and more people are using smartphones and the internet, leading to an increase in mobile-based business-critical applications.

_Browse in-depth TOC on_ **"Penetration Testing Market"  
401 – Tables  
49 – Figures  
320 – Pages**

**Download PDF Brochure:** https://www.marketsandmarkets.com/pdfdownloadNew.asp?id=13422019

**By deployment mode, the cloud segment is projected to grow with a higher CAGR during the forecast period.**

An authorized, simulated cyberattack on a system that is hosted on a cloud provider, such as Microsoft Azure or Amazons AWS, is known as cloud-based penetration testing. Finding a system's vulnerabilities and strengths allows for an accurate assessment of its security situation, which is the fundamental goal of a cloud penetration test. Increased technical assurance and a greater comprehension of the attack surface that the systems are exposed to are two main advantages of a cloud penetration test. Whether they are Infrastructure as a Service, Platform as a Service, or Software as a Service, cloud systems are susceptible to security vulnerabilities, attacks, and threats similar to traditional systems. Despite cloud service providers providing more effective security measures, it is ultimately the organization's responsibility to secure its cloud-based operations. As a result, businesses must use penetration testing services for the cloud both now and in the future.

**By Type, the web application segment to hold a larger market size during the forecast period.**

With an increase in the use of web applications, the business process has changed along with sharing and accessing data. Because of this, malicious attackers get an opportunity to intrude into the system. Therefore, web application pen testing has become important to defend the application and network. Web application penetration testing simulates unauthorized attacks internally or externally to access sensitive data. This process helps end users discover the possibility for a hacker to access the data from the internet, check out the security of their email servers, and secure the web hosting site and server. Furthermore, the outcomes of web application penetration testing help identify and mitigate the security weaknesses in web applications and other components, such as source code, back-end network, and database associated with application penetration testing.

**Request Sample Pages:** https://www.marketsandmarkets.com/requestsampleNew.asp?id=13422019

**By region, Europe to grow at a significant CAGR during the forecast period.**

Europe comprises the major growing economies, including the UK, Germany, and France. The region has been exhibiting continued growth in adopting penetration-testing solutions. The growing number of mobile users accessing huge amounts of business data and the lack of skills have led to concerns over data security and privacy breaches across the region.

In Europe, penetration testing is mostly adopted to comply with regulations, such as the Payment Card Industry Data Security Standard (PCI DSS) or the EU GDPR. Various regulations and standards have multiple offerings specifically related to system auditing and security and either indicate or specify that penetration testing is necessary to determine whether identified vulnerabilities pose a genuine risk to an organization. Red teaming has become an increasingly present practice in the finance sector. The EU has developed the Threat Intelligence-Based Ethical Red (TIBER) teaming initiative to test the resilience of European financial institutions with regard to cyberattacks.

**Get 10% Free Customization on this Report:** https://www.marketsandmarkets.com/requestCustomizationNew.asp?id=13422019

**Market Players**

Major vendors in the global **Penetration Testing Market** include Rapid7 (US), Secureworks (US), Synopsys (US), CrowdStrike (US), IBM (US), Coalfire Labs (US), Indium Software (US), Cigniti Technologies Ltd. (US), Trustwave (US), Cisco Systems (US), Fortinet (US), Bugcrowd (US), Invicti (US), Hackerone (US), Raxis (US), RSI Security (US), Rhino Security Labs (US), Sciencesoft Limited (US), Portswigger (UK), Netragard (US), Software Secured (Canada), Vumetric Cybersecurity (Canada), Nettitude (UK), Zimperium (US), NowSecure (US), SecurityMetrics (US), NetSPI (US), CovertSwarm (UK), Holm Security (Sweden), Intruder Systems (UK), BreachLock (US), ISECURION (India), and Redbot Security (US).

**Browse Adjacent Markets**: Information Security Market Research Reports & Consulting

**Related Reports:**

**Application Security Market** by Component (Software Tools (SAST and DAST) and Services), Type (Web Application Security and Mobile Application Security), Organization Size, Deployment Mode, Vertical (Healthcare and BFSI), and Region — Global Forecast to 2025

**Automated Breach and Attack Simulation Market** by Offering (Platform and Tools, and Services), Service, Deployment Mode, Application (Configuration Management, Patch Management, and Threat Intelligence), End User, and Region — Global Forecast to 2025

**About MarketsandMarkets™**

MarketsandMarkets™ provides quantified B2B research on 30,000 high growth niche opportunities/threats which will impact 70% to 80% of worldwide companies' revenues. Currently servicing 7,500 customers worldwide, including 80% of global Fortune 1000 companies as clients. Almost 75,000 top officers across eight industries worldwide approach MarketsandMarkets™ for their pain points around revenues decisions.

Our 850 fulltime analyst and SMEs at MarketsandMarkets™ are tracking global high growth markets following the "Growth Engagement Model — GEM". The GEM aims at proactive collaboration with the clients to identify new opportunities, identify most important customers, write "Attack, avoid and defend" strategies, identify sources of incremental revenues for both the company and its competitors. MarketsandMarkets™ now coming up with 1,500 MicroQuadrants (Positioning top players across leaders, emerging companies, innovators, strategic players) annually in high growth emerging segments. MarketsandMarkets™ is determined to benefit more than 10,000 companies this year for their revenue planning and help them take their innovations/disruptions early to the market by providing them research ahead of the curve.

MarketsandMarkets's flagship competitive intelligence and market research platform, "Knowledge Store," connects over 200,000 markets and entire value chains for deeper understanding of the unmet insights along with market sizing and forecasts of niche markets.

Penetration Testing Market Worth $2.7B By 2027: MarketsandMarkets(TM) Report

Optiv's Black Employee Network offers the scholarship, paid out over 4 years, for students seeking a career in the cybersecurity/information security industry.

**KANSAS CITY, Mo., Aug. 24, 2022 /PRNewswire/** — As part of its continued commitment to diversity within the cyber and information security fields, Optiv, the cyber advisory and solutions leader, is accepting applications until Jan. 27, 2023, for its annual $40,000 scholarship for Black, African-American-identifying STEM (science, technology, engineering and mathematics) students.

Awarded by Optiv's Black Employee Network, the scholarship is paid out over four years. Previous recipients include AJ McCrory, a freshman studying computer science with an emphasis on software development at James Madison University, and Lauren Harris, a sophomore studying biology and computer science at Princeton University.

Applicants must meet the following qualifications to apply:  
— Be a graduating high school senior.  
— Verify acceptance into an eligible degree program in a STEM-related field (including, but not limited to, computer science, electrical engineering, math, etc.).  
— Minimum cumulative high school GPA is 3.5 on 4.0 scale.  
— Must maintain a cumulative undergraduate GPA of at least 2.8 on 4.0 scale over the course of four years to remain eligible for the scholarship.  
— Be planning a career in cybersecurity/information security.  
— Complete the scholarship application, including a one-page essay and two letters of reference.  
— Identify as Black and/or African-American (African, African-American, Caribbean, for example) and be a US Citizen, US national or permanent resident.  
Qualified candidates are encouraged to apply and learn more about the scholarship program here.

"It's our belief that our organization is at its best and our clients are better-served when a diverse range of voices has the opportunity to be heard, lead, and make an impact," said Heather Strbiak, Optiv's chief human resources officer. "We want boardrooms and breakrooms across our industry to more closely represent the population at large. By dedicating effort and resources to spur that outcome, we're aiming to close the talent and diversity gap in cybersecurity."

Optiv's Black Employee Network (BEN) is entirely employee-driven and part of the company's Diversity, Equity, and Inclusion (DEI) initiative.

"The most creative, thought-provoking, and successful projects I've worked on have been the result of inclusive environments where everyone's unique ideas were valued and represented," said Tesfaye Williams, Optiv's BEN community outreach leader. "This scholarship is our way of ensuring the cybersecurity industry continues to progress and be an attractive career path for people of color seeking to make a difference."

Optiv honors and embraces the diverse perspectives, ideas, backgrounds, and experiences of its people. The company's approach to DEI is grounded in listening, learning, and growing.

Learn more about Optiv at https://www.optiv.com/company/optiv-newsroom.

Follow Optiv  
Twitter: www.twitter.com/optiv  
LinkedIn: www.linkedin.com/company/optiv-inc  
Facebook: www.facebook.com/optivinc  
YouTube: www.youtube.com/c/OptivInc  
Blog: www.optiv.com/explore-optiv-insights/blog

**Optiv Security: Secure greatness.™**

Optiv is the cyber advisory and solutions leader, delivering strategic and technical expertise to nearly 6,000 companies across every major industry. We partner with organizations to advise, deploy, and operate complete cybersecurity programs, from strategy and managed security services to risk, integration, and technology solutions. With clients at the center of our unmatched ecosystem of people, products, partners, and programs, we accelerate business progress like no other company can. At Optiv, we manage cyber-risk so you can secure your full potential. For more information, visit www.optiv.com.

SOURCE: Optiv Security Inc.

Optiv's Annual $40K Scholarship for Black, African-American-Identifying STEM Students Now Open for Applicants

The US Cybersecurity and Infrastructure Security Agency had wanted federal agencies to implement the fix for the RCE flaw in Hikvision cameras by Jan. 24, 2022.

Some 2,300 organizations worldwide — many of them in the United States — remain at risk of major compromise via a known critical remote code execution (RCE) vulnerability in Hikvision IP video cameras that was disclosed last year.

The bug (CVE-2021-36260) is a command injection vulnerability that is present in the Web server of several Hikvision cameras. Attackers can exploit the vulnerability to launch commands that allow them to gain complete root-shell access to an affected device — something that even the owners don't have, according to the researcher that discovered the flaw.

The organizations using the unpatched devices are at risk of network compromise, and potentially even physical attack; attackers could use the zero-click vulnerability to take complete control of affected Hikvision cameras. From there, they could disable them ahead of a physical breach, or use them to breach connected enterprise networks, launch denial-of-service attacks on them, add them to a botnet, steal data, and carry out other malicious actions. 

"This is the highest level of critical vulnerability — a zero click unauthenticated remote code execution (RCE) vulnerability affecting a high number of Hikvision cameras. Connected internal networks at risk," according to the bug report.

The firmware vulnerability was discovered in June 2021 and reported to the hardware vendor, which then issued a patch for it last September. However, close to a year later, tens of thousands of affected devices — whose users include at least some federal civilian agencies — remain unpatched against the vulnerability.

**Hikvision Camera Analysis**

Researchers from Cyfirma recently analyzed a sample of 285,000 Internet-facing Hikvision cameras and found some 80,000 of them that are still open to exploit via the vulnerability. 

The countries with the greatest number of vulnerable devices were China (12,690), the US (10,611), and Vietnam (7,394). Other countries with a sizeable number of vulnerable Hikvision cameras included the United Kingdom, Ukraine, Thailand, and South Africa. The cameras belong to more than 2,300 organizations scattered across these and other countries.

In its vulnerability disclosure last September, Hikvision listed dozens of its products as being impacted by the vulnerability — some going as far back as 2016. The company had urged organizations using affected Hikvision cameras to install updated firmware to patch the flaw and guard against potential attacks targeting the flaw. 

The US Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2021-36260 to its catalog of known exploited vulnerabilities on Jan. 10 this year, and it required federal agencies using Hikvision cameras to install the firmware updates by Jan. 24.

According to Cyfirma, nearly a year after the flaw was disclosed, attacker interest in it remains high. The security vendor said it had observed multiple instances where threat actors sought to collaborate with each other to exploit the flaw.

"Specifically in the Russian forums, we have observed leaked credentials of Hikvision camera products available for sale," Cyfirma said. "These can be leveraged by hackers to gain access to the devices and exploit further the path of attack to target an organization's environment." Cyfirma noted it has reason to believe that a few Chinese threats actors, including APT41 and APT10, are also looking to exploit the vulnerability to breach target networks where possible.

In a blog post this week, security vendor Malwarebytes noted that adversaries have few obstacles to exploitation given several proofs-of-concept that have been published. These include a potential exploit for it that was published on Packet Storm last October; a Metasploit module based on CVE-2021-36260 that Packet Storm published this February; and reports of a Mira botnet variant called Moobot that was spreading via the Hikvision vulnerability. 

"Given the amount of available information, it is trivial even for a 'copy and paste criminal' to make use of the unpatched cameras," Malwarebytes warned.

The researcher who discovered the flaw — who goes by the handle "Watchful\_IP" — described the vulnerability as trivial to exploit, giving attackers the ability to take complete remote control of Hikvision cameras simply by accessing the camera's http(s) server port, which usually is 80/443.

"No username or password \[is\] needed, nor any actions need to be initiated by the camera owner," the security researcher observed in his initial vulnerability disclosure last year. "It will not be detectable by any logging on the camera itself."

Vulnerabilities in IoT devices — which can be anything from video cameras and building management systems to critical Internet-connected systems in medical, industrial control systems (ICS), and operational technology (OT) networks — present a growing challenge for enterprise organizations. A new report from Claroty this week noted a 57% year-over-year increase in vulnerability disclosures involving IoT products. 

The security vendor's study showed that for the first time the percentage of disclosed firmware vulnerabilities, like the one in Hikvision cameras, was nearly the same as the percentage of software vulnerabilities — 46% vs. 48%. In addition, the combined number of IoT vulnerabilities and vulnerabilities in medical IoT devices exceeded IT vulnerabilities for the first time as well. Claroty noted: "This indicates enhanced understanding on the part of vendors and researchers to secure these connected devices as they can be a gateway to deeper network penetration."

Thousands of Organizations Remain at Risk From Critical Zero-Click IP Camera Bug

The FTK 7.6 portfolio promises better integration with other security and network resources, as well as unified analysis of mobile and computer evidence.

Digital forensics – the discipline of finding the traces that applications and processes leave behind in order to piece together events – has become vital to law enforcement agencies, lawyers, and researchers. Granted, combing through and analyzing even a single cell phone can be daunting in its sheer volume of data, but the knowledge gleaned can create a priceless "Perry Mason moment." 

Originating in 1984 with the US FBI's Computer Analysis and Response Team, the practice of digital forensics has expanded past government walls to create a marketplace of private service providers. Indeed, the worldwide digital forensics market is expected to grow from $10 billion in 2022 to almost $24 billion in 2030, according to Future Market Insights.

Digital forensics companies aim to make scanning for, collecting, and analyzing data easier and quicker. Toward that end, legal GRC software provider Exterro today announced an update to its FTK 7.6 set of products that the company says can make parsing mobile phone evidence from Android or iOS 10 times faster than previous generations of its products. Mobile evidence can be stored in the same database as computer evidence for unified analysis.

In addition, FTK Connect helps clients connect FTK tools with existing systems, including SIEM and SOAR/XSOAR, case management, e-discovery, and in-house applications. Besides allowing FTK users to collect and process data more quickly, the integration reduces the risk that moving data between systems creates, Exterro said.

While the company emphasized that its latest release is geared mainly for forensics for judicial use, it also improves incident response. Exterro pointed out that the FTK tool set allows enterprise cybersecurity staff to investigate potentially compromised endpoints, examining and collecting folders and files even when the endpoint is not connected to the corporate VPN.

Exterro counts among its customers dot-com businesses like DoorDash and Pinterest, big corporations like American Express and Nestle, and government entities such as the cities of Denver, Colorado and Sparks, Nevada; state offices in California, Massachusetts, and Maryland; and agencies such as the US General Services Administration and the Los Alamos National Lab.

New Exterro FTK Update Accelerates Mobile Digital Forensics

The bug tracked as CVE-2022-0028 allows attackers to hijack firewalls without authentication, in order to mount DDoS hits on their targets of choice.

The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that a high-severity security vulnerability in Palo Alto Networks firewalls is being actively exploited in the wild.

The bug (CVE-2022-0028, CVSS severity score of 8.6), exists in the PAN-OS operating system that runs the firewalls, and could allow a remote threat actor to abuse them to deploy distributed denial-of-service (DDoS) attacks against targets of their choice — without having to authenticate.

Two weeks since its disclosure, CISA said that it has now seen the bug being adopted by cyber adversaries in the wild, and it's added it to its Known Exploited Vulnerabilities (KEV) catalogue. Attackers can exploit the flaw to deploy both reflected and amplified versions of DDoS floods.

Exploitation of the issue can help attackers to cover their tracks and location, according to the original Palo Alto Networks advisory issued earlier this month.

"The DoS attack would appear to originate from a Palo Alto Networks PA-Series (hardware), VM-Series (virtual) and CN-Series (container) firewall against an attacker-specified target," according to the firm.

"The good news is that this vulnerability does not provide attackers with access to the victim's internal network," says Phil Neray, vice president of cyber-defense strategy at CardinalOps. "The bad news is that it can halt business-critical operations \[at other targets\] such as taking orders and handling customer service requests."

He notes that DDoS attacks aren't just mounted by small-time nuisance actors, as is often assumed: "DDoS has been used in the past by adversary groups like APT28 against the World Anti-Doping Agency."

The bug arises thanks to a URL-filtering policy misconfiguration, so instances that use a non-standard configuration are at risk. To be exploited, the firewall configuration "must have a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone that has an external facing network interface," the advisory read.

**Exploited in the Wild**

Bud Broomhead, CEO at Viakoo, says bugs that can be marshaled into service to support DDoS attacks are in more and more demand by cybercriminals -- and are increasingly exploited.  

"The ability to use a Palo Alto Networks firewall to perform reflected and amplified attacks is part of an overall trend to use amplification to create massive DDoS attacks," he says. "Google's recent announcement of an attack which peaked at 46 million requests per second, and other record-breaking DDoS attacks will put more focus on systems that can be exploited to enable that level of amplification."

The speed of weaponization also fits the trend of cyberattackers taking increasingly less time to put newly disclosed vulnerabilities to work — but this also points to an increased interest in lesser-severity bugs on the part of threat actors.

"Too often, our researchers see organizations move to patch the highest-severity vulnerabilities first based on the CVSS," Terry Olaes, director of sales engineering at Skybox Security, wrote in an emailed statement. "Cybercriminals know this is how many companies handle their cybersecurity, so they've learned to take advantage of vulnerabilities seen as less critical to carry out their attacks."

But patch prioritization continues to be a challenge for organizations of all stripes and sizes thanks to the sheer number of patches that are disclosed in a given month — it totals hundreds of vulnerabilities that IT teams need to triage and assess, often without much guidance to go on. And furthermore Skybox Research Lab recently found that new vulnerabilities that went on to be exploited in the wild rose by 24% in 2022.

That said, "any vulnerability that CISA warns you about, if you have in your environment, you need to patch now," Roger Grimes, data-driven defense evangelist at KnowBe4, tells Dark Reading. "The \[KEV\] lists all the vulnerabilities that were used by any real-world attacker to attack any real-world target. Great service."

He notes that the list is exhaustive: "It isn't just full of Windows or Google Chrome exploits. I think the average computer security person would be surprised about what's on the list. It's full of devices, firmware patches, VPNs, DVRs, and a ton of stuff that isn't traditionally thought of as being highly targeted by hackers."

**Time to Patch & Monitor for Compromise**

For the newly exploited PAN-OS bug, patches are available in the following versions:

*   PAN-OS 8.1.23-h1
*   PAN-OS 9.0.16-h3
*   PAN-OS 9.1.14-h4
*   PAN-OS 10.0.11-h1
*   PAN-OS 10.1.6-h6
*   PAN-OS 10.2.2-h2
*   And all later PAN-OS versions for PA-Series, VM-Series and CN-Series firewalls.

To determine if the damage is already done, "organizations should ensure they have solutions in place capable of quantifying the business impact of cyber-risks into economic impact," Olaes wrote.

He added, "This will also help them identify and prioritize the most critical threats based on the size of financial impact, among other risk analyses such as exposure-based risk scores. They must also enhance the maturity of their vulnerability management programs to ensure they can quickly discover whether or not a vulnerability impacts them and how urgent it is to remediate."

Grimes notes that it's a good idea to subscribe to CISA's KEV emails as well.

"If you subscribe, you'll get at least an email a week, if not more, telling what the latest exploited vulnerabilities are," he says. "It isn't just a Palo Alto Networks problem. Not by any stretch of the imagination."

CISA: Just-Disclosed Palo Alto Networks Firewall Bug Under Active Exploit

The Russia-backed Nobelium APT has pioneered a post-exploitation tool allowing attackers to authenticate as any user.

The attackers responsible for the SolarWinds supply chain attack have added a new arrow to their quiver of misery: A post-compromise capability dubbed MagicWeb, which is used to maintain persistent access to compromised environments and move laterally.

Researchers at Microsoft observed the Russia-backed Nobelium APT using the backdoor after gaining administrative privileges to an Active Directory Federated Services (AD FS) server. With that privileged access, the attackers replace a legitimate DLL with the MagicWeb malicious DLL, so that the malware is loaded by AD FS as if it were legitimate.

Like domain controllers, AD FS servers can authenticate users. MagicWeb facilitates this on the part of the threat actors by allowing manipulation of the claims passed in authentication tokens generated by an AD FS server; thus, they can authenticate as any user on the network.

According to Microsoft, MagicWeb is a better iteration of the previously used specialized FoggyWeb tool, which also establishes a difficult-to-shake foothold inside victim networks.

"MagicWeb goes beyond the collection capabilities of FoggyWeb by facilitating covert access directly," Microsoft researchers explained. "It manipulates the user authentication certificates used for authentication, not the signing certificates used in attacks like Golden SAML."

For now, MagicWeb use appears to be highly targeted, according to Microsoft's advisory.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Efficient 'MagicWeb' Malware Subverts AD FS Authentication, Microsoft Warns

Center Hospitalier Sud Francilien (CHSF), a hospital outside of Paris, has redirected incoming patients to other medical facilities in the wake of a ransomware attack that began on Aug. 21.

Ransomware has disrupted operations at the Center Hospitalier Sud Francilien (CHSF), a 1,000-bed hospital outside Paris, locking down the facility's main systems including patient admissions and medical imaging. CHSF was forced to redirect incoming patients to other medical facilities, and hospital staff reverted to pen and paper. 

According to a report in Le Monde, the attackers demanded $10 million to decrypt the systems; it's unclear though whether the hospital paid the attackers any of the ransom. French authorities are investigating the ongoing incident and the threat actors behind the attack, which began on Aug. 21. 

"This attack does not impact the operation and security of the hospital building" and its telecommunications system, CHSF said in a statement, which was translated from French. 

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Ransomware Gang Demands $10M in Attack on French Hospital

An insider threat or remote attacker with initial access could exploit CVE-2022-31676 to steal sensitive data and scoop up user credentials for follow-on attacks.

An important-rated security vulnerability in VMware Tools could pave the way for local privilege escalation (LPE) and complete takeover of virtual machines that house important corporate data, user info and credentials, and applications.

VMware Tools is a set of services and modules that enable several features in VMware products used to manage user interactions with guest operating systems (Guest OS). Guest OS is the engine that powers a virtual machine.

"A malicious actor with local non-administrative access to the Guest OS can escalate privileges as a root user in the virtual machine," according to VMware's security advisory, issued this week, which noted that the bug, tracked as CVE-2022-31676, carries a rating of 7.0 out of 10 on the CVSS vulnerability-severity scale.

Exploitation paths could take many forms, according to Mike Parkin, senior technical engineer at Vulcan Cyber.

"It is unclear from the release whether it requires access through the VMware virtual console interface or whether a user with some form of remote access to the Guest OS, such as RDP on Windows or shell access for Linux, could exploit the vulnerability," he tells Dark Reading. "Access to Guest OS should be limited, but there are many use cases that require logging into a virtual machine as a local user."

The virtualization virtuoso has patched the issue, with patched-version details available in the security alert. There are no workarounds for the flaw, so admins should apply the update to avoid compromise.

The issue, while not critical, should still be patched as soon as practicable, Parkin warns: "Even with cloud migration, VMware remains a staple of virtualization in many enterprise environments, which makes any privilege escalation vulnerability problematic."

To monitor for compromise, John Bambenek, principal threat hunter at Netenrich, recommends deploying behavioral analytics to detect credential abuse, as well as an insider threat program to detect problem employees who may abuse their already legitimate access.

"VMWare (and related) systems manage the most privileged systems, and compromising them is a force multiplier for threat actors," he says.

The patch comes on the heels of the disclosure of a critical bug earlier this month that would allow authentication bypass for on-premises VMware implementations, to give attackers initial local access and the ability to exploit LPE vulnerabilities such as this one.

VMware LPE Bug Allows Cyberattackers to Feast on Virtual Machine Data

Every organization is on a zero-trust journey. Learn about how critical identity is to your security evolution, and how your organization can move forward.

In the face of never-ending threats and continued technology evolution, zero trust has quickly progressed from an intriguing idea and buzzword to a critical business imperative. Regardless of how advanced or how early their implementations are, all organizations are on this journey.

At the core of this zero-trust journey is identity, which serves as the front door to every user interaction, the heart of the remote work security challenge, and the foundation to making zero trust a reality. Recent survey data from Okta backs up that belief, with 80% of all security leaders calling out identity as an important component to their overall zero trust security strategy, with an additional 19% going so far as to call identity "business critical."

**Understanding Zero-Trust Evolution**

The "Okta State of Zero Trust Security Report" introduces an identity adoption model that provides clarity and direction for security practitioners trying to understand where they are in their zero-trust journey. This five-phase model provides companies with a way to understand how their peers are prioritizing identity projects today, and which initiatives they plan to prioritize and focus on over the coming months.

**Phase One: Traditional**

Organizations in the first phase typically are at the beginning of their cloud transformation journey: They're either trying to anticipate the challenges of cloud adoption or they're already experiencing them. These are organizations seeking to add multiple layers of security to their authentication processes to ensure they're giving the right people access to the right resources, including multifactor authentication (MFA) for employees, or connecting the employee directory to business-critical cloud apps.

Okta's report highlights how almost every organization has either begun or is shortly planning to begin this critical step in their evolution, with 95% of respondents stating they plan to complete the first phase of their zero-trust initiatives over the next 12**–**18 months.

**Phase Two: Emerging**

In phase two, organizations typically are leaning more heavily on the cloud while securing and simplifying user access to increase security and productivity. They may adopt new tooling such as MFA for external users, enable self-service factor resets to reduce help desk costs, or automate provisioning and deprovisioning for applications.

Zero-trust and identity-first strategies illustrate the critical need to extend authorization policies and standards throughout an organization's supply and partner ecosystem, and it's here that organizations showed the need for continued progress. The Okta research found that while nearly 80% of respondents have extended SSO for their employees, only 38% of respondents said their companies have extended MFA to external users.

**Phase Three: Maturing**

Maturing organizations experience more complex challenges such as increased compliance and regulatory requirements, a hybrid infrastructure, and the need to support a large, dynamic workforce.

Meeting these challenges means extending and expanding identity and access management (IAM) efforts beyond their employees and legacy network to accommodate a growing world of external users, as well as an expanding cloud or multicloud infrastructure. Organizations are recognizing the priority, with MFA and SSO for infrastructure set to make a significant leap in the next 12**–**18 months, jumping from 31% to 67%, by 2023.

**Phase Four: Elevated**

In the elevated phase, organizations are intelligently consolidating or deprecating any outdated tech and protecting key custom applications they find to be potential security weak points. In their bids to complete their digital transformation, they may add secure access to APIs, deploy proxy tools to modernize legacy technologies, or implement context-based access policies. Progress in this phase has become less streamlined as these projects are prioritized by companies at a disproportionate rate. For instance, roughly half of worldwide respondents already have implemented MFA across user groups (49%) and secured access to APIs (54%), but only 6% have implemented context-based access policies.

**Phase Five: Evolved**

By phase five, organizations have reached the stage where they can shift their focus away from implementing core zero-trust projects toward optimizing user life-cycle management, applying security access to servers, and implementing passwordless access.

Projects in this phase include deploying secure passwordless access across the board or making access decisions at the data layer based on user and device posture. Okta report data shows that nearly 22% of respondents from financial services companies plan to adopt passwordless access options within the coming 12**–**18 months, with 16% of healthcare and software companies not far behind. However, only 7% of government institutions either already have passwordless access in place or are planning to do so.

**The Future of Zero Trust**

The path to zero trust is both evolving and simultaneously continuous, and maturity models like the one details in the Okta report will themselves evolve. What's critical for security practitioners and leaders alike is to work across the IT and security landscape to take stock of business goals and context to prioritize the areas that not only minimizes risk, but drive productivity and efficiency for the organization.

**About the Author**

    

Amanda Rogerson is a change agent who wants to disrupt the way you think about digital security and identity. Having worked with organizations globally across industries in various roles throughout her 20-year career, she is mindful of the impact new security practices have across organizations. As a self-proclaimed nerd, she likes to weave pop-culture references into her discussions to make topics relatable.

New Zero-Trust Maturity Data: Charting Your Own Organization

Organizations relying on multicloud or hybrid-cloud environments without ﻿a true understanding of their security vulnerabilities do so at their peril.

According to the Cloud Security Alliance's 2021 report, "State of Cloud Security Concerns, Challenges and Incidents," 41% of participants were "unsure" whether they had experienced a cloud security incident in the recent year.

And that percentage doubled since 2019.

Cloud security threats are on the rise, and more organizations are using two or more public cloud providers to meet organizational needs. These cloud environments typically host sensitive business and customer data, critical applications, and other high-risk information.

But these organizations are relying more on multicloud or hybrid-cloud environments without a true understanding of their security vulnerabilities, threats, or if an incident had occurred at all.

**Data Protection and Privacy**

Consistent data protection and privacy is difficult to achieve in diverse environments with their own built-in security tools. Many organizations struggle to protect data properly in multicloud environments in compliance with policy and regulatory requirements.

Disjointed environments have different security controls and tools, which makes consistent, ironclad protection a major hurdle.

Cloud management platforms (CMPs) are a viable solution to cloud management and security. With a CMP, administrators don't need to understand the differences between public clouds, but may use a consistent interface to manage both effectively.

This has significant advantages for improving cloud security. IT teams can implement a common security layer within a multicloud environment and then apply the same identity and access

**Visibility and Control**

Achieving visibility and control is difficult under the shared responsibility model and vendor-controlled infrastructure. With this model, the security is divided between the cloud provider and the customer – the cloud provider is responsible for security of the cloud, while the customer is responsible for security of what's in the cloud.

For many companies, this is a considerable challenge for multicloud environments. They don't have visibility and control at the lower layers of their stack and can't deploy traditional solutions, leaving significant gaps in their visibility.

There are several solutions to this problem.

**Enforce policies and data governance:** Companies are responsible for putting policies in place for cloud data ownership and responsibility. Data must be classified to ensure the appropriate security measures are in place.

**Manage Identity and access controls**: Identity and access management in the cloud is more complex than closed environments. Providers typically offer best practices and managed services to help companies with IAM, but the responsibility to use them effectively falls entirely on the company.

**Leverage data security management tools**: These tools are essential to protecting the ever-growing cloud. Scaling increases the complexity and creates hurdles with visibility, and a data security management tool offers a centralized option to manage data and users.

**Prepare for Cloud Adoption**

Multicloud infrastructure comes with incredible benefits for an organization, including reduced costs, greater flexibility and scalability, and management from a cloud provider.

The rapid adoption of the cloud creates vulnerabilities along with opportunities, however. Mitigating threats and risk with innovative security approaches can help organizations achieve security and compliance in multicloud and hybrid-cloud environments.

Source

DARKReading