Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
Startup Offers Free Cyberattack Simulation Service
Newest First  |  Oldest First  |  Threaded View
jeromeo1969
50%
50%
jeromeo1969,
User Rank: Apprentice
2/9/2017 | 2:22:26 PM
Excellent!
This dovetails nicely into what I have thought all along. Penetration Testing shouldn't be a twice a year endeavor, instead Red Teams should be constantly attacking the environments they are protecting. There is no such thing as a static environment, and new vulnerabilities are being found all the time!
danelleau1
50%
50%
danelleau1,
User Rank: Author
12/9/2015 | 2:35:51 PM
Re: Cyberattack Simulation Service
theb0x - I understand your question now. You are correct, it would not make sense to simulate "reconnaissance". But reconnaissance isn't the only way to attack an organization, i.e. insider threats etc. It is important to validate lateral movement and data exfiltration as well.

As for the architecture, there are various deployment options available. The SaaS model is the vThreat model, talk to Marcus. We (SafeBreach) have an on-premise model that doesn't require SaaS. Happy to chat offline. 
theb0x
50%
50%
theb0x,
User Rank: Ninja
12/9/2015 | 9:57:06 AM
Re: Cyberattack Simulation Service
The first phase of any cyberattack is always reconnaissance. This is public information gathered about the company. The second phase is enumeration. This where systems can be port scanned and the querying of individual services are performed to identify specific systems of weaknesses. It is not until the exploition phase is launched where the information identified as weaknesses can actually be confirmed. 

A simulation of this does not really confirm any weaknesses discovered. There is also a high probability of false positives.

A cyberattack does not involve deploying SaaS agents internally to the network to gather information. This is not how reconnaissance and enumeration are performed. Also loading such an agent may very well be exploitable by an actual attack through it's own weaknesses. 

 

danelleau1
50%
50%
danelleau1,
User Rank: Author
12/9/2015 | 4:00:18 AM
Re: Cyberattack Simulation Service
It's different from vulnerability assessment. Here you are simulating the actions of an attacker, and the breach methods used may or may not take advantage of a vulnerability. It's more like an automated red team on a platform. 
theb0x
50%
50%
theb0x,
User Rank: Ninja
12/8/2015 | 12:27:01 PM
Cyberattack Simulation Service
How is this any different than a vulnerability assessment? No exploits are actually launched and the probable damage is based on the value of a company's assests and the severity of a successful attack. That's what CVEs are for. Even running scans on a production network can have a negative impact depending on how many nodes and how aggressive it is. Even without using any exploit code things can and will still break.
Sara Peters
50%
50%
Sara Peters,
User Rank: Author
12/4/2015 | 11:35:55 AM
Good news for SMBs
This is something that SMBs could actually afford, and might teach them more about security than the average static monitoring software. But it could also be good for the larger companies if they actually do use it as an "in-between pen tests" maintenance tool. 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
12/3/2015 | 5:36:28 AM
Counter to M&M Security
Sounds like a great service lest we become to complacent about M&M security (hard on the outside, soft inside).  Security is not just about the outer gates; it's about everything that happens within the walls as well.
danelleau1
50%
50%
danelleau1,
User Rank: Author
12/2/2015 | 4:26:30 PM
Attack Validation
If attackers are being successful, it makes sense to play that role. Attack validation allows organizations to adopt an offensive security mindset in the right way (i.e. without the implications and potential legal backlash from fighting back against attackers), and complements existing security solutions. 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-37759
PUBLISHED: 2021-07-31
A Session ID leak in the DEBUG log file in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
CVE-2021-37760
PUBLISHED: 2021-07-31
A Session ID leak in the audit log in Graylog before 4.1.2 allows attackers to escalate privileges (to the access level of the leaked session ID).
CVE-2020-26564
PUBLISHED: 2021-07-31
ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have <!ENTITY content, create a .xml file for a generic survey template (containing a link to this .css file), and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey['importFil...
CVE-2020-26565
PUBLISHED: 2021-07-31
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data.
CVE-2020-26806
PUBLISHED: 2021-07-31
admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted File Upload of executable JSP files, resulting in remote code execution, because filePath can have directory traversal and fileContent can be valid JSP code.