The new SafeBreach capabilities enable security teams to ensure they are patching the most important vulnerabilities first and can extend their security testing and stance to their growing cloud native infrastructure.
SUNNYVALE, CALIFORNIA – February 19 2020 – SafeBreach, the market leading Breach-and-Attack Simulation (BAS) platform, announced the release of two powerful new capabilities - Risk-Based Vulnerability Management integration and Cloud Native Container Security - to address the most pressing problems that face SecOps and DevOps teams today. SecOps and vulnerability management teams struggle to sort through thousands of potential remediations and patches to focus on those which address the greatest business and security risk. At the same time, the adoption of containers and cloud-native infrastructure has elevated the importance of testing and validating security controls that protect private, public and hybrid clouds.
With these two new capabilities, SafeBreach empowers security teams to focus on the right problems first, and gives security teams the capabilities they have long sought to validate deployed controls against their fast-changing cloud native stacks.
Security teams today are literally drowning in vulnerability and risk remediation data. Tracking, analyzing and managing all this data manually is challenging, if not impossible. Patches are deployed based on risk scores supplied by vulnerability and threat intelligence data and security frameworks without regard for actual business risk.
For example, a vulnerability may be ranked as “medium risk” in the vulnerability report because it is not present on a critical asset, but it actually presents a very high risk to a business because it is present in systems which have easy access to critical assets and important data. At the same time, a vulnerability ranked as “high risk” may present only a minimal risk in reality if it is already blocked. Without the ability to take into account security controls deployed in the organization, security teams waste time applying patches against low-risk vulnerabilities and fixing security control gaps that are not mission critical.
At the same time, vulnerabilities that could result in serious breaches and large monetary damages are left ignored. This exposes organizations to a greater potential for major breaches and security incidents, as well as compliance and audit failures. Poorly designed remediation strategies can also result in unnecessary downtime, which impacts customer satisfaction and may violate SLAs, triggering costly penalties.
To solve this problem, the new Risk-Based Vulnerability Management module from SafeBreach combines vulnerability scan results with attack simulation data against both hosts and networks. It scores the results against risk criteria to generate a comprehensive vulnerability management prioritization plan that takes the guesswork out of patching. The risk criteria are defined by the user team managing the SafeBreach solution, enabling the business to customize fine-grained risk postures that map precisely to security stance and vulnerability management. The risk plan is easy to understand and apply, and makes remediation planning accessible to risk managers not well versed in the security jargon and structure of CVEs and technical reports.
“In our continuous engagement with CISOs, CIOs and security team leads, they have made clear that their most painful problem has been prioritization and understanding of risks. They were constantly worried that they were not patching the most important vulnerabilities or remediating the biggest risks to their business, because their security control strategy was not taken into account.” says Yotam Ben Ezra, VP Products at SafeBreach. “With SafeBreach Risk-Based Vulnerability Management prioritization, security teams can be sure that they are concentrating on the patches that matter the most, every day, all the time.”
According to Gartner’s 2019 Market Guide for Vulnerability Assessment (Gartner subscription required) “Vulnerability assessment buyers are shifting from tools that only identify vulnerabilities, to those that proactively assess and manage the risks posed by those weaknesses. This is primarily being addressed by new vendors offering vendor-agnostic products, prompting companies offering solutions to update their offerings.”
As the global infrastructure has rapidly migrated to the cloud, the need for solutions to validate the security controls of container-based infrastructure has grown exponentially. This gap is made more critical by the tendency of development teams to make many more code pushes to update cloud-native applications and infrastructure, as compared to the number of updates to legacy infrastructures. In addition, the ephemeral nature of cloud native infrastructure and applications makes them challenging to secure. Not surprisingly, malicious hackers have started to focus on virtual infrastructure as a target-rich environment for new exploits.
The new Cloud Native Container Security capabilities of SafeBreach extend full BAS coverage via a new Docker simulator to security teams that manage container-based infrastructures deploying Docker, the most widely used container software stack. These teams increasingly play a role in the security stance for cloud native deployments where modern Developer Operations (DevOps) practices use Continuous Integration / Continuous Deployment (CI/CD) to rapidly iterate and ship new code. This reality means a constantly shifting attack surface, making continuous testing and validation even more critical to security hygiene.
SafeBreach simulates a growing universe of attacks against the Docker data plane, network and API, including attacks that involve process injection, rogue applications, system changes and lateral movement from container to container. The SafeBreach BAS now contains Docker-based attack techniques drawn from the SafeBreach Hacker’s Playbook™, the largest collection of breach methods on the market today.
“More and more of our customers are moving critical systems and applications into the cloud, where they face new risks and challenges to ensuring that their security posture and controls can block next-generation attacks on containers,” says Yotam Ben Ezra, VP Products, SafeBreach . “With our new Cloud and Container Security features, their security teams can easily extend their BAS coverage to encompass all types of virtual infrastructure and keep up with the rapid pace of deployments that make cloud native environments so dynamic and difficult to defend.”
Built by a team of cybersecurity experts and hackers with decades of experience on the front lines of information security and cyberwarfare, SafeBreach empowers SecOps teams to optimize their controls and configurations on a continuous basis to ensure all networks and hosts are as secure as possible. SafeBreach BAS makes it simple for users to simulate attacks to match any infrastructure footprint, visualize weaknesses in their security controls, and holistically remediate gaps and vulnerabilities to provide the best possible security posture. SafeBreach provides easy-to-understand, intelligent insights on which security gaps to prioritize for remediation based on business risk, and clear remediation steps. Remediation data is automatically pre-formatted for consumption by leading security controls, making it a matter of simple clicks to close security holes. Only SafeBreach offers an industry-leading SLA that promises the addition of new breach methods to its attack simulation library within 48 hours of disclosure.
SafeBreach maintains the largest collection of attack tactics, techniques and procedures in the industry, giving SafeBreach BAS users the broadest and most up-to-date cybersecurity attack simulation coverage on the market today. Thousands of controlled, safe forms of real cyber attacks are available as part of the SafeBreach Hacker’s Playbook™. With 10,000+ breach and attack methods, this playbook is based on actual attacks, active investigations and cutting-edge research. With the new product capabilities for Risk-Based Vulnerability Management and Cloud Native Security for Docker container attack simulations, SafeBreach continues to deliver bleeding-edge capabilities to help SecOps and Vulnerability Management teams stay ahead of attackers and optimize their security postures.
Please read the SafeBreach blogs on Using Breach and Attack Simulation to Effectively Prioritize Vulnerabilities and Meeting the challenge - Using SafeBreach to stay on top of Cloud Native Security for more information.
SafeBreach will present the new capabilities at the RSA Conference, Feb 23-27 in San Francisco, Booth N-5353.
SafeBreach is a leader in breach and attack simulation. The company’s groundbreaking patented platform provides a “hacker's view” of an enterprise’s security posture to proactively predict attacks, validate security controls and improve security operations center (SOC) analyst response. SafeBreach automatically executes thousands of breach methods from its extensive and growing Hacker’s Playbook™ of research and real-world investigative data. Headquartered in Sunnyvale, California, the company is funded by Sequoia Capital, Deutsche Telekom Capital Partners, DNX Ventures, Hewlett Packard Pathfinder, PayPal and investor Shlomo Kramer. For more information, visit www.safebreach.com or follow us on Twitter @SafeBreach.