Rapid 7 - Start with threat modelling and let gamers game

Authored by Damon Cabanillas

Is there anything that’s not changing too fast these days?

The demand for games, availability, and stability has the gaming industry in sprint after sprint with new IT requirements. Most infrastructure has changed from on-prem to hybrid: the cloud accommodates highly volatile time-of-day, day-of-week, and new release traffic.

The risks and threats have also changed a lot over the years, and are continuing to change. Adversaries are aware of it all and are using it to their advantage. Today, they’re extracting $10 billion from the global economy every year.

Ready player one? Winning is about understanding your opponent

Rapid7’s public research projects make this possible: Project Lorelei, Metasploit, and AttackerKB let us spot new, popular attacks exploits, their velocity, and the risk to you.

Too busy to click the links today? Make time soon. Just as in any game, you need to understand what weapons adversaries use, how they think, and how capable they are.  And that begins by knowing exactly what they’re doing right now.

We also try to predict the future. As you might expect, this is not the easiest thing to do. Using AttackerKB, we can pinpoint vulnerabilities that are so far not being exploited yet. We can then see into the future – and prevent an attack.

With these open-source intelligence and tools, you can calculate an accurate risk level multiple times per day. Knowing your risk dynamically will enable you to prioritize the correct work in  both in cloud and on-prem environments and base KPI’s and SLA’s on better foundations.

By understanding the threats that are out there, we prioritize the right thing, making sure that we keep the infrastructure safe and letting the gamers game.

from Rapid7 Cybersecurity Blog https://blog.rapid7.com/2024/04/12/start-with-threat-modelling-and-let-gamers-game/