Ronan Lavelle

The Breach and Attack Simulation (BAS) market is still relatively new for many companies and like all new ideas and concepts, it can take some time to fully understand how to embrace, so here are five key things that you should expect from a BAS tool. Validate security control effectiveness • test endpoint • lateral

The recent announcement of Project Glasswing by Anthropic has sent shockwaves through the cybersecurity community. By leveraging Claude Mythos, a frontier model with potent discovery capabilities, Anthropic has effectively signalled the start of a new era. We are no longer just defending against human hackers; we are defending against machine-speed, automated adversarial logic. For information

Demonstrating Continuous Compliance for pivotal regulations like the EU’s Digital Operational Resilience Act (DORA) and the revised Network and Information Security Directive (NIS2) demands a profound evolution beyond traditional approaches. It necessitates a fundamental shift in mindset, moving decisively away from a static, audit-driven, and often reactive posture. The old paradigm, where cybersecurity compliance might

The journey towards genuine, Continuous Compliance is far more than an exercise in drafting policies and implementing security controls. It demands a profound, persistent, and practical understanding of one crucial question: are our defences truly effective against sophisticated, ever-evolving adversaries? This is where the discipline of Adversarial Exposure Validation (AEV) – often termed Security Controls

For modern organisations, the attack surface is not a static map but an ever-expanding, dynamic entity, reflecting the increasing complexity of our interconnected operations. In this volatile environment of escalating threats, relying on traditional, point-in-time security assessments is akin to navigating a storm with only a fleeting glimpse of the weather forecast – the picture

Adversarial exposure validation is a cybersecurity testing methodology that simulates real-world attack techniques to identify vulnerabilities in an organisation’s security controls. Unlike traditional security assessments relying on theoretical vulnerability data, this approach actively tests defences by mimicking actual threat actor behaviours across Windows, Linux, and Mac environments. Key Benefits: Provides empirical evidence about successful attack

MITRE ATT&CK® is a free resource that all cyber defenders should be aware of and use in their defensive preparations. The ATT&CK framework is a comprehensively documented kill-chain of attacker behaviours, classified by Tactics, Techniques and Procedures. In this blog, we offer advice to help get started with ATT&CK and explain how MITRE ATT&CK and

As a CISO, your job is to set up a balanced security program that defends your company against a variety of cyber attacks. It’s not an easy task: typically, it takes years before a security program reaches maturity. Maintaining your company’s security program is even more difficult. How do you ensure you continuously stay on

Breach and Attack Simulation vs Penetration Testing is becoming the question to answer in offensive security testing circles of late; so what is the difference between the well established world of penetration testing and the up and coming Breach and Attack Simulation (BAS)? Before we answer that , it is noteworthy to point out that

Cybersecurity is a constant battle, with threat actors continuously evolving their methods. The emergence of AI-powered ransomware represents a significant leap forward in this arms race, posing a new challenge for defenders. A recent proof-of-concept (POC) developed by the University of New York (NYU) highlights just how dangerous this threat could become. The researchers at