Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Application Security

8/20/2018
10:20 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

SafeBreach Extends Breach and Attack Simulation Platform

New Capabilities Expand Coverage from Email-to-Endpoint; Also Adds Enhanced Remediation Support and Board Level Risk Scoring

SUNNYVALE, CA – August 20, 2018 - SafeBreach, the leader in Breach and Attack Simulation (BAS), today announced a major new platform upgrade that extends best-in-class actionable security data with new classes of simulations to validate security controls, additional board-level metrics to drive prioritization, and new integrations to speed the process of remediation. Already able to simulate more than 3,600 attack methods, these new additions expand simulations further across the entire kill chain, from email infection to endpoint compromise - and all phases in between. Combined with a new Demisto integration partnership and board-level risk metrics, SafeBreach continues to set the pace for BAS innovation.

These new enhancements come during a time of strong momentum for SafeBreach, including recently completing a new round of funding and being awarded the first patents in the BAS market.

“Our customers tell us they chose SafeBreach because we have the most accurate, and broadest, set of attack simulations across the kill chain -- from email to endpoint,” said CEO and Co-Founder Guy Bejerano at SafeBreach. “While continuously simulating attacks is a critical part of any BAS solution, driving actionable results is always the real goal—from executive communication, to risk assessment, to control validation and technology investment and remediation. These new platform updates extend each of these areas so customers can ensure their teams, tools and budgets are aligned to get the most from their security.”

SafeBreach provides security teams the ability to safely validate their security controls against thousands of real world attacks. Unlike penetration testing or red team engagements, SafeBreach validates security controls continuously using more than 3,600 comprehensive hacker breach methods without risking or interfering with user, data or system activity. Security teams can discover and mitigate security gaps across their network, in the cloud or on their endpoints. SafeBreach correlates and analyzes the results of each breach scenario, provides visualization and detailed kill-chain analysis and recommends proactive remediation steps to improve the security posture of the environment.  The new capabilities advance the SafeBreach platform with:  

  • Enhanced Email and Ransomware Simulations—extended infiltration simulation classes of email-based attacks. As a result, organizations can identify additional misconfigurations or gaps in email security controls. SafeBreach has also enhanced ransomware simulations to include file encryption to further validate the efficacy of behavioral endpoint security controls.
  • New Board-Level Risk Metrics—a new data analytics layer now augments existing security insights with board-level visibility and metrics.  The new capabilities includes immediate assessment of risk against known attacks, as well as at-a-glance risk scoring and critical asset protection status for communication to executive stakeholders.
  • Expanded Remediation Support—a new integration partnership with Demisto further drives automated security remediation. This partnership adds to existing remediation integrations across both automation and orchestration with others like Phantom, ServiceNow and Jira.

 

About SafeBreach

SafeBreach is the leader in Breach and Attack Simulation. The company’s groundbreaking platform provides a “hacker's view” of an enterprise’s security posture to proactively predict attacks, validate security controls and improve SOC analyst response. SafeBreach automatically executes thousands of breach methods from an extensive and growing Hacker’s Playbook™ of research and real-world investigative data. Headquartered in Sunnyvale, California, the company is funded by Sequoia Capital, Deutsche Telekom Capital Partners, Draper Nexus, Hewlett Packard Pathfinder, PayPal, and investor Shlomo Kramer. For more information, visitwww.safebreach.com or follow on Twitter @SafeBreach.

 

 

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
7 Truths About BEC Scams
Ericka Chickowski, Contributing Writer,  6/13/2019
DNS Firewalls Could Prevent Billions in Losses to Cybercrime
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/13/2019
Cognitive Bias Can Hamper Security Decisions
Kelly Sheridan, Staff Editor, Dark Reading,  6/10/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12855
PUBLISHED: 2019-06-16
In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
CVE-2013-7472
PUBLISHED: 2019-06-15
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
CVE-2019-12839
PUBLISHED: 2019-06-15
In OrangeHRM 4.3.1 and before, there is an input validation error within admin/listMailConfiguration (txtSendmailPath parameter) that allows authenticated attackers to achieve arbitrary command execution.
CVE-2019-12840
PUBLISHED: 2019-06-15
In Webmin through 1.910, any user authorized to the "Package Updates" module can execute arbitrary commands with root privileges via the data parameter to update.cgi.
CVE-2019-12835
PUBLISHED: 2019-06-15
formats/xml.cpp in Leanify 0.4.3 allows for a controlled out-of-bounds write in xml_memory_writer::write via characters that require escaping.