Application Security

8/20/2018
10:20 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

SafeBreach Extends Breach and Attack Simulation Platform

New Capabilities Expand Coverage from Email-to-Endpoint; Also Adds Enhanced Remediation Support and Board Level Risk Scoring

SUNNYVALE, CA – August 20, 2018 - SafeBreach, the leader in Breach and Attack Simulation (BAS), today announced a major new platform upgrade that extends best-in-class actionable security data with new classes of simulations to validate security controls, additional board-level metrics to drive prioritization, and new integrations to speed the process of remediation. Already able to simulate more than 3,600 attack methods, these new additions expand simulations further across the entire kill chain, from email infection to endpoint compromise - and all phases in between. Combined with a new Demisto integration partnership and board-level risk metrics, SafeBreach continues to set the pace for BAS innovation.

These new enhancements come during a time of strong momentum for SafeBreach, including recently completing a new round of funding and being awarded the first patents in the BAS market.

“Our customers tell us they chose SafeBreach because we have the most accurate, and broadest, set of attack simulations across the kill chain -- from email to endpoint,” said CEO and Co-Founder Guy Bejerano at SafeBreach. “While continuously simulating attacks is a critical part of any BAS solution, driving actionable results is always the real goal—from executive communication, to risk assessment, to control validation and technology investment and remediation. These new platform updates extend each of these areas so customers can ensure their teams, tools and budgets are aligned to get the most from their security.”

SafeBreach provides security teams the ability to safely validate their security controls against thousands of real world attacks. Unlike penetration testing or red team engagements, SafeBreach validates security controls continuously using more than 3,600 comprehensive hacker breach methods without risking or interfering with user, data or system activity. Security teams can discover and mitigate security gaps across their network, in the cloud or on their endpoints. SafeBreach correlates and analyzes the results of each breach scenario, provides visualization and detailed kill-chain analysis and recommends proactive remediation steps to improve the security posture of the environment.  The new capabilities advance the SafeBreach platform with:  

  • Enhanced Email and Ransomware Simulations—extended infiltration simulation classes of email-based attacks. As a result, organizations can identify additional misconfigurations or gaps in email security controls. SafeBreach has also enhanced ransomware simulations to include file encryption to further validate the efficacy of behavioral endpoint security controls.
  • New Board-Level Risk Metrics—a new data analytics layer now augments existing security insights with board-level visibility and metrics.  The new capabilities includes immediate assessment of risk against known attacks, as well as at-a-glance risk scoring and critical asset protection status for communication to executive stakeholders.
  • Expanded Remediation Support—a new integration partnership with Demisto further drives automated security remediation. This partnership adds to existing remediation integrations across both automation and orchestration with others like Phantom, ServiceNow and Jira.

 

About SafeBreach

SafeBreach is the leader in Breach and Attack Simulation. The company’s groundbreaking platform provides a “hacker's view” of an enterprise’s security posture to proactively predict attacks, validate security controls and improve SOC analyst response. SafeBreach automatically executes thousands of breach methods from an extensive and growing Hacker’s Playbook™ of research and real-world investigative data. Headquartered in Sunnyvale, California, the company is funded by Sequoia Capital, Deutsche Telekom Capital Partners, Draper Nexus, Hewlett Packard Pathfinder, PayPal, and investor Shlomo Kramer. For more information, visitwww.safebreach.com or follow on Twitter @SafeBreach.

 

 

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RIP, 'IT Security'
Kevin Kurzawa, Senior Information Security Auditor,  11/13/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Online Malware and Threats: A Profile of Today's Security Posture
Online Malware and Threats: A Profile of Today's Security Posture
This report offers insight on how security professionals plan to invest in cybersecurity, and how they are prioritizing their resources. Find out what your peers have planned today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17906
PUBLISHED: 2018-11-19
Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system.
CVE-2018-9209
PUBLISHED: 2018-11-19
Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2
CVE-2018-9207
PUBLISHED: 2018-11-19
Arbitrary file upload in jQuery Upload File <= 4.0.2
CVE-2018-15759
PUBLISHED: 2018-11-19
Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perfo...
CVE-2018-15761
PUBLISHED: 2018-11-19
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges...