Tools - JSOC IT Launches AUTOPSY for Security Verification
Basically, AUTOPSY checks if your security tools are really working before a breach happens.
JSOC IT has launched AUTOPSY, a new platform for real-time security verification. It replaces outdated self-reported assessments with live API data. This proactive tool helps organizations uncover critical vulnerabilities before breaches occur.
What Happened
JSOC IT has introduced a groundbreaking platform called AUTOPSY. This platform focuses on security verification by investigating an organization’s security stack through live API integrations. Unlike traditional methods that often rely on self-reported assessments, AUTOPSY aims to identify vulnerabilities before a breach occurs. The flagship product, READY, replaces outdated questionnaires with real-time, API-verified telemetry across various security domains.
The CEO of JSOC IT, Sam Sawalhi, emphasizes the need for this innovation. He points out that many organizations operate on an 'honor system,' where they report their security posture without actual verification. AUTOPSY aims to change this narrative by providing a detailed investigation into the security measures organizations claim to have in place.
Who's Affected
The launch of AUTOPSY is particularly relevant for organizations across various sectors, especially those that are heavily regulated. The platform's findings reveal a concerning trend: the Readiness Gap, the difference between what a Chief Information Security Officer (CISO) believes about their security environment and what AUTOPSY verifies. In many cases, this gap averages between 20 and 35 percentage points.
For instance, during a recent engagement with a mid-market financial services firm, AUTOPSY uncovered significant issues that had previously gone unnoticed. These included silent endpoint detection failures, untested backup infrastructures, and dormant privileged accounts. Such vulnerabilities could have been exploited by attackers, highlighting the critical need for continuous verification.
What Data Was Exposed
The findings from AUTOPSY are alarming, showcasing a stark contrast between self-reported security assessments and actual security realities. For example, one organization reported a self-assessed security score of 87, yet the verified score from the READY assessment was only 61. This discrepancy underscores the importance of real-time data verification in maintaining a secure environment.
Key findings from the assessment included:
- Silent EDR coverage failure: 23% of endpoints produced no alerts because of sensor failures.
- MFA exclusions: Legacy applications were not enforcing multi-factor authentication, exposing them to potential threats.
- Untested backup infrastructure: Backups had not been validated in over a year, leaving data vulnerable.
- Dormant privileged accounts: Several unused admin accounts remained enabled, including those of former employees.
What You Should Do
Organizations should consider adopting platforms like AUTOPSY to enhance their security posture proactively. The three-phase engagement model includes:
- The AUTOPSY: READY assessment: This phase quantifies the Readiness Gap and delivers a forensic report.
- The Rebuild: Engineers from JSOC IT assist in remediating identified vulnerabilities.
- Always On: Continuous monitoring ensures that the organization's security posture remains verified and not assumed.
In a world where cyber threats are ever-evolving, relying on self-reported metrics is no longer sufficient. Organizations must embrace tools like AUTOPSY to ensure their defenses are robust and effective. As Sawalhi aptly puts it, "Deployed is not the same as defended."
Help Net Security