Why being hacked can be a good thing

11 March 2019

Are you aware of the key players in the BAS marketplace? If not, don’t feel too bad, because Breach and Attack Simulation (BAS) has only recently entered the mainstream in cybersecurity. SafeBreach is one of the few companies that can justly claim to have pioneered this new market segment. Dutch cybersecurity specialist ON2IT was the first European partner signed by SafeBreach two years ago, and now offers the market-leading BAS solution as a part of its virtual SOC app.

A hacker’s view

Since its startup in 2014, SafeBreach has been building a platform that provides a ‘hacker’s view’ of an enterprise’s security posture to proactively predict attacks, validate security controls and improve SOC analyst responses. SafeBreach automatically executes thousands of breach methods from an extensive and growing Hacker’s Playbook of research and real-world investigative data. 

Can this happen to us?

Before setting up SafeBreach, co-founder Guy Bejerano was responsible for cybersecurity at LivePerson, a public company. Around 2013, the LivePerson board of directors was alarmed by hacks and data theft at other Internet companies. “Can that happen to us?” was the simple question the CEO asked. Bejerano hired a team of hackers to find any weaknesses in their system. But did these hackers use the most current and dangerous attack techniques?

The start of a business

That was the moment that Bejerano and his friend Izik Kotler decided to start a business, SafeBreach, that would offer answers to CEOs’ legitimate questions. The concept can be summed up as: “Let’s play hacker”. The vision was much more ambitious than just hiring hackers on an hourly basis. To imitate malicious hackers, you have to simulate the way they work realistically. In the first place, you have to be exposed to attacks 24 hours a day, and not just for a few days during a pen test. In addition, hackers are enormously creative and cooperate closely.

Simulations in a controlled manner

The SafeBreach solution is an automated platform that simulates hacking attacks 24/7 in a controlled manner. The most important SafeBreach innovation is the use of sensors and simulators that are placed in different locations within the company network and can communicate with each other. Sensor A, for example, can be placed in a virtual machine with customer data and sensor B in a separate segment of the company network or in a cloud data center.

Potential risks

If we can demonstrate that credit card information or patient data can be exchanged between these two sensors, then this is a possible security risk. If we can then demonstrate that we can establish a connection between a third simulator outside the corporate network and sensor B, we have shown that there is a possible path for data extrusion. The simulators can be deployed at all possible locations: in virtual machines, in endpoints and in public cloud services.

A permanent security audit

“SafeBreach can be viewed as a permanent security audit”, says Marcel van Eemeren, CEO of ON2IT, the first European Managed Security Service Provider with which SafeBreach entered a partnership two years ago. He describes the SafeBreach philosophy as in line with ON2IT’s view that cybersecurity is a continuous process. “SafeBreach is a safe way to simulate real-world attacks. Because these simulations are active 24/7, you’ll immediately receive a notification when, after an update or a new configuration in your data center or cloud service, new vulnerabilities were created.”

Integrated in the ON2IT SOC app

ON2IT provides the integration with SafeBreach as part of its virtual SOC application developed for the Palo Alto Networks Application Framework. “Through the APIs available in the framework, we can offer our customers a much higher level of integration, and display the SafeBreach alerts in our SOC dashboard.”

Simulations of over 3600 attack methods

SafeBreach has announced a major platform upgrade with new classes of simulations to validate security controls, additional board-level metrics to drive prioritization, and new integrations to speed up the remediation process. The platform can already simulate more than 3,600 attack methods, and these new additions expand simulations even further.

Driving actionable results is always the real goal

“Customers are choosing SafeBreach because we have the most accurate, and broadest, set of attack simulations across the kill chain, from email to endpoint,” says CEO Bejerano. “While continuously simulating attacks is a critical part of any BAS solution, driving actionable results is always the real goal – from executive communication, to risk assessment, to control validation and technology investment and remediation.”

Recommendations for better security

SafeBreach correlates and analyzes the results of each breach scenario, provides visualization and detailed kill-chain analysis and recommends proactive remediation steps to improve the security posture of the environment. SafeBreach offers extended infiltration simulation classes of email-based attacks. As a result, organizations can identify additional misconfigurations or gaps in email security controls. SafeBreach has also enhanced ransomware simulations to include file encryption to further validate the efficacy of behavioral endpoint security controls.

At-a-glance risk scoring

The new data analytics layer now augments existing security insights with board-level visibility and metrics. A new integration partnership with Demisto further drives automated security remediation. This partnership adds to existing remediation integrations across both automation and orchestration with others like Phantom, ServiceNow and Jira.

A market leader

“SafeBreach has become the leader in their market segment,” ON2IT’s Van Eemeren concludes, “And with this new update, they’re raising the bar even further. Today, it’s almost impossible to imagine a successful cybersecurity approach without the safeguard of simulating breach methods.”