Cybersecurity

How to test Red Canary MITRE ATT&CK Forever Techniques

At the recent MITRE ATT&CK conference, ATT&CKCon in Washington, leading MSSP Red Canary presented an interesting keynote on how they advise organisations to use MITRE ATT&CK in cyber defence. The first takeaway is: Don't boil the ocean. Many organisations waste their time and efforts on vanity statistics, particularly when trying to map their detection

October 21st, 2025 | Blog

Understanding the NIS2 Directive: A Comprehensive Overview

The NIS2 Directive represents a significant evolution in the European Union's approach to cybersecurity, aiming to bolster the resilience of network and information systems across various critical sectors. This directive not only updates the previous NIS1 framework but also expands its scope, introducing more stringent requirements for member states and organisations alike. In this article,

October 2nd, 2025 | Blog

What to expect from a BAS tool

The Breach and Attack Simulation (BAS) market is still relatively new for many companies and like all new ideas and concepts, it can take some time to fully understand how to embrace, so here are five key things that you should expect from a BAS tool. Validate security control effectiveness • test endpoint • lateral

August 8th, 2025 | Blog

How to Demonstrate Continuous Compliance for DORA & NIS2

Demonstrating Continuous Compliance for pivotal regulations like the EU's Digital Operational Resilience Act (DORA) and the revised Network and Information Security Directive (NIS2) demands a profound evolution beyond traditional approaches. It necessitates a fundamental shift in mindset, moving decisively away from a static, audit-driven, and often reactive posture. The old paradigm, where cybersecurity compliance might

June 25th, 2025 | Blog

Continuous Compliance & Adversarial Exposure Validation

The journey towards genuine, Continuous Compliance is far more than an exercise in drafting policies and implementing security controls. It demands a profound, persistent, and practical understanding of one crucial question: are our defences truly effective against sophisticated, ever-evolving adversaries? This is where the discipline of Adversarial Exposure Validation (AEV) – often termed Security Controls

June 18th, 2025 | Blog

10 Proactive Measures To Navigate the EU’s NIS2 Directive

Navigating the EU's NIS2 Directive demands more than just ticking the initial boxes defined by local legislation. True adherence to this regulatory framework isn't a one-time achievement; it necessitates continuous engagement, clearly assigned responsibilities and the consistent refinement of policies and security measures. Failure to maintain this state of compliance carries the same significant risks

April 25th, 2025 | Blog

Top 5 Strategic Information Security Priorities for 2025

The threat landscape is constantly evolving, and organisations must stay ahead of the curve to protect their valuable assets. In 2025, cybersecurity leaders should prioritise the following strategic initiatives: 1. Vulnerability Management Vulnerabilities are the chinks in your armor, the weaknesses that attackers exploit to gain access to your systems. Effective vulnerability management is crucial

December 18th, 2024 | Blog

Enhancing Cybersecurity with Threat Informed Defence

In today's hyper-connected world, where data breaches and cyberattacks are rampant, the importance of robust cybersecurity cannot be overstated. Threat Informed Defence is a dynamic and proactive approach gaining traction among organisations aiming to fortify their digital defences. Enhancing cybersecurity with Threat Informed Defence has never been easier. This article delves into the core elements

November 21st, 2024 | Blog