The Breach and Attack Simulation (BAS) market is still relatively new for many companies and like all new ideas and concepts, it can take some time to fully understand how to embrace, so here are five key things that you should expect from a BAS tool. Validate security control effectiveness • test endpoint • lateral movement • exfiltration Test and

The recent announcement of Project Glasswing by Anthropic has sent shockwaves through the cybersecurity community. By leveraging Claude Mythos, a frontier model with potent discovery capabilities, Anthropic has effectively signalled the start of a new era. We are no longer just defending against human hackers; we are defending against machine-speed, automated adversarial logic. For information security teams, the “Mythos” capability

Demonstrating Continuous Compliance for pivotal regulations like the EU’s Digital Operational Resilience Act (DORA) and the revised Network and Information Security Directive (NIS2) demands a profound evolution beyond traditional approaches. It necessitates a fundamental shift in mindset, moving decisively away from a static, audit-driven, and often reactive posture. The old paradigm, where cybersecurity compliance might have been viewed as a

The journey towards genuine, Continuous Compliance is far more than an exercise in drafting policies and implementing security controls. It demands a profound, persistent, and practical understanding of one crucial question: are our defences truly effective against sophisticated, ever-evolving adversaries? This is where the discipline of Adversarial Exposure Validation (AEV) – often termed Security Controls Validation – transitions from a

For modern organisations, the attack surface is not a static map but an ever-expanding, dynamic entity, reflecting the increasing complexity of our interconnected operations. In this volatile environment of escalating threats, relying on traditional, point-in-time security assessments is akin to navigating a storm with only a fleeting glimpse of the weather forecast – the picture is outdated almost as soon

Adversarial exposure validation is a cybersecurity testing methodology that simulates real-world attack techniques to identify vulnerabilities in an organisation’s security controls. Unlike traditional security assessments relying on theoretical vulnerability data, this approach actively tests defences by mimicking actual threat actor behaviours across Windows, Linux, and Mac environments. Key Benefits: Provides empirical evidence about successful attack scenarios Helps organisations understand true

MITRE ATT&CK® is a free resource that all cyber defenders should be aware of and use in their defensive preparations. The ATT&CK framework is a comprehensively documented kill-chain of attacker behaviours, classified by Tactics, Techniques and Procedures. In this blog, we offer advice to help get started with ATT&CK and explain how MITRE ATT&CK and Breach & Attack Simulation can

As a CISO, your job is to set up a balanced security program that defends your company against a variety of cyber attacks. It’s not an easy task: typically, it takes years before a security program reaches maturity. Maintaining your company’s security program is even more difficult. How do you ensure you continuously stay on top of the latest cybersecurity

Breach and Attack Simulation vs Penetration Testing is becoming the question to answer in offensive security testing circles of late; so what is the difference between the well established world of penetration testing and the up and coming Breach and Attack Simulation (BAS)? Before we answer that , it is noteworthy to point out that investments in information security tools

Cybersecurity is a constant battle, with threat actors continuously evolving their methods. The emergence of AI-powered ransomware represents a significant leap forward in this arms race, posing a new challenge for defenders. A recent proof-of-concept (POC) developed by the University of New York (NYU) highlights just how dangerous this threat could become. The researchers at NYU developed a polymorphic AI-powered

Continuous Security Controls Validation is a crucial component of a mature cybersecurity program. It moves beyond traditional point-in-time assessments to provide ongoing, real-time insights into an organisation’s security posture. In today’s threat landscape, which is marked by sophisticated and rapidly evolving attacks like supply chain compromises and AI-driven social engineering, CISOs need to prove the effectiveness of their security investments

In an era of evolving threats, evaluating MITRE ATT&CK testing tools is the only way to ensure your defences aren’t just theoretical, but battle-tested. In the current threat landscape, for instance, where the average cost of a financial sector data breach has climbed to £4.8M ($6.08M). Consequently, the question for CISOs has shifted. Therefore, it is no longer “Are we

In the current threat landscape, where the average cost of a financial sector data breach has climbed to USD 6.08M, the question for CISOs has shifted. It’s no longer “Are we secure?” but “How do we prove our resilience to the Board and the Regulator?”. With new EU legislation like DORA and NIS2 mandating continuous, evidence-based validation, choosing the right

The cyber threat landscape is evolving faster than ever. Installing security tools and waiting for an incident is no longer a viable strategy. Modern organizations must shift from reactive security to proactive, continuous validation. This is the core principle of Adversarial Exposure Validation (AEV), a methodology designed to confirm your security controls are effective against real-world attack techniques. AEV simulates

Adversarial Exposure is redefining how organisations approach cybersecurity. By providing continuous validation to help achieve true cyber resilience. The imperative for modern businesses is clear: it's no longer if you will face a cyber incident, but when. This reality has elevated the concept of Cyber Resilience from a buzzword to a fundamental operational requirement. Resilience, at its core, is the

At the recent MITRE ATT&CK conference, ATT&CKCon in Washington, leading MSSP Red Canary presented an interesting keynote presentation on how they advise organisations should use MITRE ATT&CK in cyber defence. The first takeaway is: Don’t boil the ocean. Many organisations waste their time and efforts on vanity statistics, particularly when trying to map their detection and protective capabilities against all

The NIS2 Directive represents a significant evolution in the European Union’s approach to cybersecurity, aiming to bolster the resilience of network and information systems across various critical sectors. This directive not only updates the previous NIS1 framework but also expands its scope, introducing more stringent requirements for member states and organisations alike. In this article, we will delve into the

Forbes Technology Council is an invitation-only community for leading CIOs, CTOs, and top-tier technology executives Cheltenham, United Kingdom – September 19, 2025 – Validato CEO & Co-Founder Ronan Lavelle joins the prestigious Forbes Technology Council, an invitation-only community reserved for the world’s leading CIOs, CTOs, and technology executives. Lavelle was hand-selected by a review committee recognising his extensive expertise and