Aaron Weis, chief information of the Department of the Navy and a 2022 Wash100 Award winner, said conducting regular automated red-teaming is far more effective than adopting a “checklist” approach when it comes to detecting and addressing cyber vulnerabilities, Defense One reported Tuesday.
“It’s a very compliance-driven mentality, like an audit… and it’s wrong,” Weis told the publication of the checklist approach. “Cybersecurity is not a compliance problem.”
The Navy conducted an experiment using a tool called Nova from software startup Rebellion to perform automated red-teaming on networks and found that the process revealed which cyber vulnerabilities allow threat actors to gain wider access to networks and those that were the easiest to exploit.
“It can identify the system, understand its patch level, catalog its vulnerabilities according to what’s generally available, and then try to run an automated exploit against it, based on what it knows,” Weis said of the tool.
