“The need to reduce cyber risk has never been greater, and SafeBreach has demonstrated excellence in this regard. The TAG Cyber analysts have selected SafeBreach as a 2022 Distinguished Vendor, and such award is based on merit. Enterprise teams using SafeBreach’s platform will experience world-class risk reduction. Nothing is more important in enterprise security today.” – TAG Cyber

Breach and attack simulation (BAS) is a fast-growing method for enterprise security teams seeking more effective ways to reduce cyber risk. SafeBreach is a pioneer and leader in the BAS field, with proven experience serving enterprise teams across a variety of industries. TAG Cyber asked our cofounder and CTO, Itzik Kotler, to share how the SafeBreach BAS platform works and explain how it stands out amongst other BAS tools.

TAG Cyber (TC): What is meant by breach and attack simulation (BAS)?

Itzik Kotler (IK): BAS tools can effectively help security teams prepare for cyber threats. However, not all BAS platforms are created equal. SafeBreach offers a powerful and versatile solution that allows security teams to safely execute a variety of realistic and advanced attacks against their security controls to gain visibility into security gaps. As a result, they are able to improve the efficacy of the security operation center (SOC) by reducing the mean time to detect (MTTD) and mean time to respond (MTTR).

When helping prepare for a ransomware attack, SafeBreach offers a host of unique, built-in capabilities that enable security teams to understand the scope and nature of the attack by thinking like the attacker. In 2021 alone, SafeBreach added 120 new attacks identified in US-CERT and other high-profile alerts, including several new malware, zero days, and critical vulnerabilities. Another 78 were ransomware-specific attacks in 2021. These scenarios provide templates to create and run tests that cover prevalent attacker behaviors that may lead to cyberattacks on organizations.

TC: How does the SafeBreach platform work?

IK: We are the industry’s only BAS application that uses correlative analytics to identify security gaps and link them to their potential business impact. This is a key differentiator between SafeBreach and other BAS platforms. While others solely examine attacks at the individual level, we correlate data from a large number of simulations to generate a priority-based set of recommendations.

SafeBreach’s “Hacker’s Playbook” is the largest, most detailed, and most up-to-date compendium of programmatically accessible exploits and known attack types in the world, with over 25,000 breach methods, all of which can be run by SafeBreach’s system on a continuous basis without impacting an organization’s assets or networks. Our lab is dedicated to tracking the industry and updating the playbook based on government alerts within 24 hours. 

This is a strong competitive advantage. Data from our validations can improve SOC team responses and empower management teams to better manage risk and invest resources. SafeBreach enables data-driven risk analysis, resource prioritization, and guided mitigation. The platform continuously and safely tests and optimizes the effectiveness of your security infrastructure against the business value of your assets and helps security teams ensure their security controls and processes are effective against real-world attackers by continuously challenging them.

SafeBreach’s vision is to transform the way the industry validates security to enable security teams to understand and reduce risk continuously, from static to continuous, from theoretical to practical, from risky to safe. After all, when companies know which security controls actually work in their environment, they can invest for real impact and protect more. They can quantify risks to the business and drive a security strategy aligned with the company’s business growth. What SafeBreach does—validating security controls continuously—changes the mindset of defenders to be offensive and proactive, and the end result is that we help build a safer world.

TC: How do your customers integrate the platform into their overall security validation program?

IK: Our platform allows businesses to crash-test their networks to find the holes in their security stacks while simultaneously optimizing customers’ spend on cybersecurity. With our BAS technology, businesses can test their security tools against thousands of attack methods included in our playbook. Customers can see at which phase of an attack they are most vulnerable and which tools they employ leave gaps for attackers to exploit. As customers run through these simulations, they also receive validation—or lack thereof—that their security tools are working effectively. 

SafeBreach will identify tools that aren’t working properly, and thus provide the CISO and buyers with insights into where their investments are paying off and where they’re burning a hole in their wallets. Through integrations with a wide variety of technology partners, SafeBreach unifies people, processes, and technology and helps security teams understand the real risk to the business and improve overall SOC process efficiency. Yes, time is money…but so is money. And SafeBreach ensures it’s invested in the right places. We provide a holistic view of an enterprise’s security posture, allowing key stakeholders to make informed security decisions to protect themselves against an ever-changing threat landscape.

The TAG Cyber Quarterly includes original works from analysts, including interviews with cybersecurity leaders and innovators. Check out the latest edition, available now for free download, to read the full interview with SafeBreach’s Itzik Kotler and gain more insights from TAG Cyber’s unbiased industry reporting, surveys, and analysis.