Attack simulation emerging as a way to test network security on demand and without exploits.

First came penetration testing, then the tabletop exercise, and now attack simulation -- the relatively nascent practice of war-gaming attacks on your network to gauge how prepared (or not) you are, and where your weaknesses reside.

Unlike pen testing, attack simulation doesn't run exploit code. It's more about simulating the way attackers do their dirty work, from composing a phishing email and infecting a machine to the path they take to access and then pilfer credit-card data out of the company. Attack simulation startup vThreat today announced free access to its software-as-a-service-based applications.

The concept of simulating and providing a detailed postmortem of how an attacker could hack you is capturing some venture capital interest: Israel-based startup SafeBreach, which provides attack simulation via a platform model, recently raised some $4 million via Sequoia Capital and serial entrepreneur and angel investor Shlomo Kramer.

vThreat was founded by Marcus Carey, a former security researcher with Rapid7 and one of the architects of the US Department of Defense Cyber Crime Center's live network investigations course. Carey says vThreat simulates what an attacker could actually do to an organization's infrastructure, and shows the attack sequence through the hacker's eyes.

It's not a replacement for penetration testing. "We don't replace pen testing, but we do augment it and give blue teamers an opportunity to simulate adversaries, between penetration tests," Carey says.

"We do 80 percent of what a pen tester does, without exploitation," he says. The goal is to keep on top of your security posture between pen tests and attacks or attack attempts.

Carey says vThreat uses a JavaScript agent in its tools. The various attack apps can imitate the techniques and movements of an attacker, including the scanning of local systems and the theft of information. "We concentrate on the movements an attacker makes on the network," he says.

The new free vThreat Apps SaaS doesn't provide all of the detailed reporting and analytics and exclusive apps that the paid subscription offers, but it does include a full enterprise-wide breach option, with limited reporting, Carey says. A vThreat Pro annual subscription costs $4,995, and vThreat Enterprise is priced based on the size of an organization, he says.

Aside from a full enterprise-wide attack, the apps include specific attack scenarios such as SSN exfiltration, executable download, DNS tunneling, egress scanning, and a tool for testing the organization's incident response.

Andrew Hay, director of research, OpenDNS, says attack simulation lets companies more regularly probe at the security of their network, especially as changes are made to the infrastructure. "If you add a new network security device, does it actually make a difference to your overall attackable surface area? Does one product work better than another for detecting or blocking specific threats?" he says. "[It] also provides a way to test the efficacy of your security program and that of your organization's ability to respond to incidents," he notes.

Services like vThreat's are more affordable for midsized companies that can't afford to hire full-time security testing talent, he says.

Guy Bejerano, CEO and co-founder of SafeBreach, describes his firm's attack simulation platform as a way for companies to deploy offensive security in order to root out their vulnerabilities to attack. In a recent blog post, he called it a "'red team' on a platform."

Here Are Your Security Holes. Now What?

The simulation service has a botnet that vThreat controls, according to Carey, for a realistic attack scenario. "We're not dropping any code or backdoors," he says, but the tests produce RAR files with sample credit-card files if the attack was able to find "blind spots" in the network.

The catch with these attack simulations is the response side of the equation, however. OpenDNS's Hay says what you do with the information and problems these tests expose is the big challenge for companies. "If you see that DNS tunneling can be used to exfiltrate data from your network, how do you stop it? What's the best course of action?" he says.

Carey says companies in the financial services, energy, healthcare, and software startup sectors are currently using vThreat's SaaS.

"The primary benefit I see is that these types of simulations allow for ongoing and scheduled testing of deployed technical controls" such as firewalls, IPS, proxies, and other systems, OpenDNS's Hay says. It also provides a way to measure whether adding a new security tool actually makes a difference, or which ones work better than others, he says.

"It's a fantastic 'product bake-off simulator,'" Hay says.

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.
