Application Security

8/20/2018
10:20 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

SafeBreach Extends Breach and Attack Simulation Platform

New Capabilities Expand Coverage from Email-to-Endpoint; Also Adds Enhanced Remediation Support and Board Level Risk Scoring

SUNNYVALE, CA – August 20, 2018 - SafeBreach, the leader in Breach and Attack Simulation (BAS), today announced a major new platform upgrade that extends best-in-class actionable security data with new classes of simulations to validate security controls, additional board-level metrics to drive prioritization, and new integrations to speed the process of remediation. Already able to simulate more than 3,600 attack methods, these new additions expand simulations further across the entire kill chain, from email infection to endpoint compromise - and all phases in between. Combined with a new Demisto integration partnership and board-level risk metrics, SafeBreach continues to set the pace for BAS innovation.

These new enhancements come during a time of strong momentum for SafeBreach, including recently completing a new round of funding and being awarded the first patents in the BAS market.

“Our customers tell us they chose SafeBreach because we have the most accurate, and broadest, set of attack simulations across the kill chain -- from email to endpoint,” said CEO and Co-Founder Guy Bejerano at SafeBreach. “While continuously simulating attacks is a critical part of any BAS solution, driving actionable results is always the real goal—from executive communication, to risk assessment, to control validation and technology investment and remediation. These new platform updates extend each of these areas so customers can ensure their teams, tools and budgets are aligned to get the most from their security.”

SafeBreach provides security teams the ability to safely validate their security controls against thousands of real world attacks. Unlike penetration testing or red team engagements, SafeBreach validates security controls continuously using more than 3,600 comprehensive hacker breach methods without risking or interfering with user, data or system activity. Security teams can discover and mitigate security gaps across their network, in the cloud or on their endpoints. SafeBreach correlates and analyzes the results of each breach scenario, provides visualization and detailed kill-chain analysis and recommends proactive remediation steps to improve the security posture of the environment.  The new capabilities advance the SafeBreach platform with:  

  • Enhanced Email and Ransomware Simulations—extended infiltration simulation classes of email-based attacks. As a result, organizations can identify additional misconfigurations or gaps in email security controls. SafeBreach has also enhanced ransomware simulations to include file encryption to further validate the efficacy of behavioral endpoint security controls.
  • New Board-Level Risk Metrics—a new data analytics layer now augments existing security insights with board-level visibility and metrics.  The new capabilities includes immediate assessment of risk against known attacks, as well as at-a-glance risk scoring and critical asset protection status for communication to executive stakeholders.
  • Expanded Remediation Support—a new integration partnership with Demisto further drives automated security remediation. This partnership adds to existing remediation integrations across both automation and orchestration with others like Phantom, ServiceNow and Jira.

 

About SafeBreach

SafeBreach is the leader in Breach and Attack Simulation. The company’s groundbreaking platform provides a “hacker's view” of an enterprise’s security posture to proactively predict attacks, validate security controls and improve SOC analyst response. SafeBreach automatically executes thousands of breach methods from an extensive and growing Hacker’s Playbook™ of research and real-world investigative data. Headquartered in Sunnyvale, California, the company is funded by Sequoia Capital, Deutsche Telekom Capital Partners, Draper Nexus, Hewlett Packard Pathfinder, PayPal, and investor Shlomo Kramer. For more information, visitwww.safebreach.com or follow on Twitter @SafeBreach.

 

 

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: In Russia, application hangs YOU!
Current Issue
Flash Poll
How Data Breaches Affect the Enterprise
How Data Breaches Affect the Enterprise
This report, offers new data on the frequency of data breaches, the losses they cause, and the steps that organizations are taking to prevent them in the future. Read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...
CVE-2018-16515
PUBLISHED: 2018-09-18
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
CVE-2018-16794
PUBLISHED: 2018-09-18
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.
CVE-2018-16819
PUBLISHED: 2018-09-18
admin/index.php in Monstra CMS 3.0.4 allows arbitrary file deletion via id=filesmanager&path=uploads/.......//./.......//./&delete_file= requests.
CVE-2018-16820
PUBLISHED: 2018-09-18
admin/index.php in Monstra CMS 3.0.4 allows arbitrary directory listing via id=filesmanager&path=uploads/.......//./.......//./ requests.