Validato News & Insights
All the latest news and insights from Validato
Threat Informed Roadmap Reviews – Validato Webinar
Interested in making your cyber defence strategy truly proactive? Join Justin Craigon from BT and Ronan Lavelle from Validato for a virtual fireside chat on December 12th to discuss "Threat-Informed Roadmap Reviews." We'll be diving deep into: How cyber threat analysis and threat mapping (leveraging frameworks like MITRE ATT&CK) can inform and validate your existing defences. Practical ways to use this intelligence to shape your
Achieving Cyber Resilience with Adversarial Exposure Validation
Adversarial Exposure is redefining how organisations approach cybersecurity. By providing continuous validation to help achieve true cyber resilience. The imperative for modern businesses is clear: it's no longer if you will face a cyber incident, but when. This reality has elevated the concept of Cyber Resilience from a buzzword to a fundamental operational requirement. Resilience, at its core, is the ability for an organisation to
How to test Red Canary MITRE ATT&CK Forever Techniques
At the recent MITRE ATT&CK conference, ATT&CKCon in Washington, leading MSSP Red Canary presented an interesting keynote presentation on how they advise organisations should use MITRE ATT&CK in cyber defence. The first takeaway is: Don't boil the ocean. Many organisations waste their time and efforts on vanity statistics, particularly when trying to map their detection and protective capabilities against all MITRE ATT&CK Techniques. In many
Understanding the NIS2 Directive: A Comprehensive Overview
The NIS2 Directive represents a significant evolution in the European Union's approach to cybersecurity, aiming to bolster the resilience of network and information systems across various critical sectors. This directive not only updates the previous NIS1 framework but also expands its scope, introducing more stringent requirements for member states and organisations alike. In this article, we will delve into the key aspects of the NIS2
Ronan Lavelle accepted into Forbes Technology Council
Forbes Technology Council is an invitation-only community for leading CIOs, CTOs, and top-tier technology executives Cheltenham, United Kingdom – September 19, 2025 – Validato CEO & Co-Founder Ronan Lavelle joins the prestigious Forbes Technology Council, an invitation-only community reserved for the world’s leading CIOs, CTOs, and technology executives. Lavelle was hand-selected by a review committee recognising his extensive expertise and transformative leadership in the cybersecurity
Defending Against AI-Powered Ransomware: A New Era of Cyber Threats
Cybersecurity is a constant battle, with threat actors continuously evolving their methods. The emergence of AI-powered ransomware represents a significant leap forward in this arms race, posing a new challenge for defenders. A recent proof-of-concept (POC) developed by the University of New York (NYU) highlights just how dangerous this threat could become. The researchers at NYU developed a polymorphic AI-powered ransomware in a controlled lab
The Imperative of Continuous Security Controls Validation
Continuous Security Controls Validation is a crucial component of a mature cybersecurity program. It moves beyond traditional point-in-time assessments to provide ongoing, real-time insights into an organisation's security posture. In today's threat landscape, which is marked by sophisticated and rapidly evolving attacks like supply chain compromises and AI-driven social engineering, CISOs need to prove the effectiveness of their security investments to the board. The costs
5 Reasons Why Your Organisation Needs Continuous Threat Management
In the dynamic cybersecurity landscape of 2025, the adage "it's not if, but when" has never been more pertinent. Cybercriminals are more sophisticated, and attack vectors are constantly evolving. A reactive approach to security is a relic of the past. To stay ahead, organisations must embrace a proactive, systematic strategy: Continuous Threat Exposure Management (CTEM). CTEM is more than just a buzzword; it's a fundamental
What to expect from a BAS tool
The Breach and Attack Simulation (BAS) market is still relatively new for many companies and like all new ideas and concepts, it can take some time to fully understand how to embrace, so here are five key things that you should expect from a BAS tool. Validate security control effectiveness • test endpoint • lateral movement • exfiltration Test and optimise detection capabililities Focus the
How to Demonstrate Continuous Compliance for DORA & NIS2
Demonstrating Continuous Compliance for pivotal regulations like the EU's Digital Operational Resilience Act (DORA) and the revised Network and Information Security Directive (NIS2) demands a profound evolution beyond traditional approaches. It necessitates a fundamental shift in mindset, moving decisively away from a static, audit-driven, and often reactive posture. The old paradigm, where cybersecurity compliance might have been viewed as a periodic, checklist-based exercise primarily geared
Continuous Compliance & Adversarial Exposure Validation
The journey towards genuine, Continuous Compliance is far more than an exercise in drafting policies and implementing security controls. It demands a profound, persistent, and practical understanding of one crucial question: are our defences truly effective against sophisticated, ever-evolving adversaries? This is where the discipline of Adversarial Exposure Validation (AEV) – often termed Security Controls Validation – transitions from a niche practice to an indispensable
Continuous Security Posture Validation: The New Standard in Cyber Security (2025)
In 2025, the cyber security landscape is more dynamic and challenging than ever before. Traditional, point-in-time security assessments are no longer sufficient to defend against sophisticated, constantly evolving threats. The imperative for organisations to maintain a robust security posture has led to a fundamental shift towards Continuous Security Posture Validation. This proactive methodology is reshaping how businesses approach their cybersecurity defences, moving from periodic checks
Embracing Continuous Compliance in Europe’s New Regulatory Age
The ground is shifting beneath the feet of European organisations. Gone are the days when cybersecurity compliance could be treated as an annual tick-box exercise. A new, more dynamic and demanding paradigm is emerging, spearheaded by landmark regulations such as the Digital Operational Resilience Act (DORA), the Network and Information Security Directive 2 (NIS2), and the UK’s forthcoming Cyber Security & Resilience Act. Together, they
Forging Cyber Resilience Through Continuous Compliance and Security Controls Validation
For modern organisations, the attack surface is not a static map but an ever-expanding, dynamic entity, reflecting the increasing complexity of our interconnected operations. In this volatile environment of escalating threats, relying on traditional, point-in-time security assessments is akin to navigating a storm with only a fleeting glimpse of the weather forecast – the picture is outdated almost as soon as it’s captured. To truly
Is Adversarial Exposure Validation suitable for small and medium-sized businesses?
Yes, adversarial exposure validation (AEV) is highly suitable for small and medium-sized businesses. This advanced security testing approach simulates real-world cyberattacks to identify vulnerabilities in security systems, making it particularly valuable for SMBs that need cost-effective, continuous security validation. Unlike traditional annual penetration tests, AEV provides ongoing assessment of security controls, helping smaller organisations maintain robust defences without requiring large security teams or budgets. Modern AEV platforms have evolved to offer automated, user-friendly solutions that make enterprise-grade security testing accessible to businesses with limited resources. Adversarial exposure validation represents a significant shift in how organisations approach cybersecurity testing. This methodology
How often should organizations perform Adversarial Exposure Validation?
Organizations should perform adversarial exposure validation monthly as a baseline, with more frequent testing for high-risk environments or during periods of significant infrastructure changes. This regular cadence helps organizations identify security gaps before attackers can exploit them, while remaining manageable for security teams. The exact frequency depends on factors including regulatory requirements, organizational risk profile, and the rate of infrastructure changes. Regular adversarial exposure validation plays a vital role in maintaining robust security defenses against evolving cyber threats. Organizations face constant pressure to balance comprehensive security testing with operational efficiency, making the timing of validation exercises particularly important for maintaining
What are the benefits of implementing Adversarial Exposure Validation?
Adversarial exposure validation represents a proactive cybersecurity approach that simulates real-world attacks to identify vulnerabilities before malicious actors can exploit them. This method continuously tests security controls by performing automated attack scenarios, revealing misconfigurations, excessive privileges, and security gaps that traditional vulnerability scanning might miss. Unlike periodic assessments, adversarial exposure validation provides ongoing assurance about an organisation’s defensive posture, enabling security teams to prioritise remediation efforts and strengthen their overall security position through data-driven insights. Adversarial exposure validation fundamentally changes how organisations approach security testing by shifting from theoretical vulnerability identification to practical exploit validation. This proactive method executes attack
Can Adversarial Exposure Validation help prioritize cybersecurity risks?
Yes, adversarial exposure validation can significantly help prioritize cybersecurity risks by simulating real-world attack scenarios to identify which vulnerabilities pose the greatest threat to an organization. Unlike traditional vulnerability scanning that simply lists potential weaknesses, adversarial exposure validation tests whether attackers can actually exploit these vulnerabilities within your specific security environment, providing clear data on which risks require immediate attention. Adversarial exposure validation represents a proactive security testing approach that fundamentally changes how organizations assess their cyber defences. Rather than relying on theoretical vulnerability scores, this method simulates actual attacker behaviour to test whether security controls can withstand real-world threats.
How does Adversarial Exposure Validation integrate with Continuous Threat Exposure Management (CTEM)?
Adversarial Exposure Validation integrates with Continuous Threat Exposure Management (CTEM) by serving as the practical testing component within CTEM’s systematic framework. While CTEM provides a structured approach to managing security exposures through its five-stage process, Adversarial Exposure Validation delivers the hands-on validation needed to confirm whether identified vulnerabilities can actually be exploited. This integration transforms theoretical risk assessments into actionable intelligence by simulating real-world attacks within the organisation’s actual environment. The relationship between Adversarial Exposure Validation and CTEM represents a shift from reactive security management to proactive threat prevention. CTEM establishes a comprehensive framework for identifying and managing security exposures
What tools are used for Adversarial Exposure Validation?
Adversarial exposure validation tools simulate real-world cyberattacks to test an organisation’s security defences. These platforms execute attack scenarios based on frameworks like MITRE ATT&CK, helping security teams identify vulnerabilities, misconfigurations, and security gaps before malicious actors can exploit them. Modern validation tools provide automated testing capabilities across Windows, Linux, and Mac environments, enabling continuous security assessment and compliance with regulations like NIS2 and DORA. Key Takeaway: Understanding the right adversarial exposure validation tools can transform how organisations approach cybersecurity testing. These platforms move beyond traditional vulnerability scanning by simulating actual attack techniques, providing empirical data about security control effectiveness. From
