Sunnyvale, CA – July 31, 2019. SafeBreach Inc, vendor of the industry leading Breach and Attack Simulation platform announced the availability of SafeBreach GRID(™) – Global Risk Director. SafeBreach GRID is the industry’s only breach and attack simulation application that uses correlative analytics to identify security gaps and link them to their potential business impact.
Existing solutions like vulnerability management, pen testing and basic breach and attack simulation, can find single point security gaps, but fail to take a system wide, multi-stage “Hacker’s view” of attacks that automatically attempts all available attack paths and then identifies all potential attacker kill chains. Moreover, no other systems today can rank security gaps discovered by their potential business impact if exploited.
SafeBreach GRID provides the data required for mitigation by correlating data from many complex, multi-stage simulations that run continuously to produce a posture impact score for each security gap found. Second, GRID ranks exploitable security gaps by potential business impact in a single recommendation matrix. This helps security teams prioritize which gaps to address, and provides precise recommendations on how to improve security product configurations to minimize the potential business impact of a breach. GRID also includes a set of risk indicators to help teams track and report on their progress.
“SafeBreach GRID correlates security gaps discovered during attack simulations with the value of potentially affected assets, automatically calculating the potential business impact of a misconfiguration. It helps my team prioritize which actions to take to maximize protection, and how to minimize the potential damage we might face if our systems were breached,” said Yaron Levi, CISO, Blue Cross and Blue Shield, Kansas City.
Prioritizing the response of a security team is one of the most critical needs today. According to Gartner, “Even when organizations are aware of gaps in the security posture, they don’t know where to start, especially in the case of a recent acquisition, in which the new environment might be completely unknown.” Gartner goes on to state, “Although it may sound overly dramatic, there is a veritable epidemic of misconfigured, disconnected, turned off, and non-optimized security tools all over the organization. There is also a possibility that an attacker that compromises a system and breaches an organization will disconnect the controls or interfere with their operation. Many recent breaches involved information security controls that have failed to pick up evidence of the attacker’s activity, as well as controls that were disabled by an attacker or an IT team.”*
“Breach and Attack Simulation products can easily find security configurations that are incomplete or wrong, but until now this has only produced a confusing kitchen sink of remediations that were not clearly correlated to risk or priority,” said Yotam Ben Ezra, VP Products at SafeBreach. “We built GRID because our customers asked us to help their security teams increase efficiency by identifying and addressing the most impactful issues first, based on rigorous analysis of their assets, the current threat landscape, and discovered misconfigurations or security gaps in their network, systems or endpoints. We give them the actionable guidance they need in order to update their configuration and secure their enterprise.”
The SafeBreach GRID works exclusively with the SafeBreach Platform and includes the following features:
- Easy to understand risk indicators to help quantify business risk.
- Analysis of multiple simulation results to provide prioritization of remediation activities.
- Detailed guidance on security configuration changes based on potential business impacts.
- Integration via the SafeBreach platform with a wide range of security tools to automatically gather and enrich SafeBreach’s analysis of enterprise network and endpoint security gaps for an organization.
*Gartner, Utilizing Breach and Attack Simulation Tools to Test and Improve Security, Augusto Barros, Anton Chuvakin, 18 May 2018