Aug 2, 2023

SafeBreach and Recorded Future: Operationalizing Threat Intelligence with Breach and Attack Simulation

In response to more aggressive cyber threat activity, modern enterprises have had to adopt a more offensive mindset in securing their environment. Rather than putting security controls in place and hoping they are adequate (or engaging in some annual testing process), many security teams are looking to breach and attack simulation (BAS) and threat intelligence (TI) tools to proactively anticipate emerging threats and constantly test their controls against attacks.

Threat intelligence can provide critical insight about what is changing in the threat landscape, but without a process to operationalize the insight, it’s just more information. Combining BAS with TI not only offers a proactive approach but also provides the context needed to identify and remediate threats quickly. By testing security controls against real-world attack scenarios based on up-to-date threat intelligence, organizations can prioritize risk management efforts and ensure continuous security validation.

Operationalizing Threat Intelligence with SafeBreach and Recorded Future

We are excited to introduce a step forward in combining security insight and action with a new integration between SafeBreach, the pioneer in breach and attack simulation, and Recorded Future, the leading threat intelligence provider. The integration allows SafeBreach users to ingest contextual threat intelligence, correlating SafeBreach’s Hacker’s Playbook attacks with indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) shown on Recorded Future’s Threat Map. SafeBreach is currently the only BAS provider with a Recorded Future integration.

Jamie Zajac, VP of Product Management at Recorded Future, states, “This collaboration represents a powerful union of threat intelligence and breach simulation, empowering organizations to proactively defend against emerging cyber threats. Together, we’re arming security teams with the intelligence and validation they need to stay one step ahead of attackers and secure their digital assets effectively.”

Empowering Your Defense Strategy

The integration starts with Recorded Future’s contextual threat intelligence, combining real-time data on adversaries, their infrastructure, and targeted organizations. This threat intelligence includes indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) used by specific threat actors.

The SafeBreach platform ingests this threat intelligence and correlates it with existing attack scenarios from our extensive Hacker’s Playbook, adding valuable context to understand the scope of potential attacks. Security teams can also use SafeBreach to create customized attack simulations based on the relevant IOCs and TTPs provided by Recorded Future. This enables organizations to understand and optimize their security control performance against specific threats that are pertinent to their environment. The continuous validation of security controls enables teams to identify any changes to the baseline organizational security posture and proactively respond to emerging threats.

By combining the strengths of Recorded Future’s relevant, contextual, and timely threat intelligence with SafeBreach’s breach and attack simulation capabilities, security teams can also prioritize vulnerability remediation based on business risk and stay one step ahead of attackers. The integration helps security teams make informed decisions, enhance their security posture, and effectively defend against the ever-changing threat landscape.

Common Use Cases Allow Users to: 

Gain a comprehensive understanding of the threat landscape

Solution – Recorded Future automatically connects billions of entities in real time by collecting data across adversaries, their infrastructure, and the organizations they target, allowing security teams to gain actionable insights about attacker intent. SafeBreach ingests these IOCs and TTPs and correlates them with existing attacks from our Hacker’s Playbook, adding valuable context that can help not only to understand the scope of the attack but also to determine the best way to remediate the threat. SafeBreach also makes it easy for security teams to create new, customized attack simulations based on any relevant IOCs or TTPs related to the organization, so they can understand and optimize their security control performance against evolving threats.

Validate and improve the efficacy of your security operations

Solution – SafeBreach offers the industry’s largest continuously updated attack playbook (28k+ attacks) and a 24-hour SLA to add newly identified attacks from US-CERT and FBI Flash alerts. When combined with the ability to create customized attacks using Recorded Future’s contextual threat intelligence, security teams can easily and continuously validate the efficacy of deployed security controls against evolving threats. Teams can use these validation results to identify any changes to the baseline organizational security posture and create alert rules that not only reduce alert fatigue but also reliably and dynamically identify posture drift in the future.

Regardless of the use case, this integration enables security teams to have a deeper understanding of potential threats, reduce false positives, and enhance incident response readiness. Itzik Kotler, co-founder and CTO of SafeBreach, adds, “SafeBreach is currently the only BAS provider in the market that allows users to operationalize threat intelligence to create custom and relevant attacks based on the feeds they trust. By integrating with Recorded Future, we allow our customers to leverage the strengths from two industry-leading products to improve their security posture and proactively defend against evolving threats.”

Interested in Learning More?

Chris Coburn, Recorded Future’s Senior Technology Alliances Architect, will be presenting a high-level overview of the integration at the SafeBreach booth (#1468) on Wednesday, August 9th, at 11:30 a.m. PT. Come visit us at Black Hat, Las Vegas.

Koby Bar, SafeBreach’s Vice President of Product, and Chris Coburn, Recorded Future’s Senior Technology Alliances Architect, presented a webinar to discuss how security teams can leverage the SafeBreach platform to create custom attacks based on Recorded Future’s contextual threat intelligence to proactively identify, prioritize, and respond to threats that are relevant to their organization. View now.
