Attack Thyself? Yeah Right!

April 21, 2020 by Kyle Flaherty

"Everybody has a plan until they get punched in the mouth."

Security teams know this too well, and it’s why for decades we’ve had solutions like Vulnerability Scanning and services like Penetration Testing and “Red Teaming”. Those were built to help our teams and our networks to get that proverbial punch in the mouth.

vulnerability scanVulnerability Scan:

Scanning for vulnerabilities is like hitting a heavy bag, it’s a moment in time, it’s not moving, and it certainly won’t hit back.

Pen testPenetration Test:

The pen test is a bit more fluid, like a ‘tear drop heavy bag’. When you hit it, it moves, and you have to adjust…but you’re most likely going to just keep hitting it. Oh, and it won’t hit you back.

Red team securityRed Team:

Red Teams are equipped to hit you back, lightly...and even dodge and use lateral movement. They are like a great sparring partner. Unfortunately not every company can afford these AND you can’t do this every day (or multiple times a day).

At some point you have to step into the ring, against an enemy, and take some hits. Twelve years ago this month I started a job at a small Austin startup called BreakingPoint Systems. We created technology that could create actual malicious traffic, hide it in application ‘noise’ and get into the ring with any security tool, pre-production, to test its…wait for it…breaking point. And back then every customer asked us for one seemingly simple thing; a version of this they could run in production and continuously, because things change once deployed, every day.

Breach and Attack Simulation (BAS)

Fast forward 12 years and that same team (literally, these folks are still going at it with a crazy passion) has entered the “Breach and Attack Simulation (BAS)” market, or so blessed by Gartner. Our product, aptly named Threat Simulator, could also be named ‘fight simulator’ because it’s a live boxing ring for any security pro to get in and test their production network against honest to goodness malicious attacks and techniques. But unlike the boxing ring, that ‘punch in the face’ won’t hurt, it just tells you what you need to do before the real attackers come to find you.

OK, so how does that work? How can I take a ‘safe punch’ on my production network from actual nasty malware and what not? This part is so cool.

Threat Simulator has a ‘Dark Cloud’ that does all that malicious stuff including housing external hackers, DNS servers, C2C servers, malicious hsecurity attack simulationosts, and more. Then the Threat Simulator Dark Cloud communicates with an agent placed in your network in minutes. Agent talks to Dark Cloud, Dark Cloud talks to Agent…and whatever happens in between is where the magic happens.

NGFW missing an attack? You’ll know. WAF default policy putting you at risk? You’ll know. DLP not DLPing? You’ll know. And, you’ll learn what to actually do to fix each of these issues. Imagine leaving work on a Friday with certifiable proof that what you did all week made you safer. That your total risk score went down. Cheers to that!

The fight is on and we are all doing everything we can to take that punch and land one of our own. Threat Simulator is your trainer, your partner, and your next opponent. Oh, and you can get to attacking yourself right now, from home, with our 7-day free trial. Once you verify your business email, you’ll be getting an email from me with a 6-minute video that will have your agents deployed and you running your first live security assessment.

Fight on!