
Comments
Startup Offers Free Cyberattack Simulation Service
jeromeo1969,
User Rank: Apprentice
2/9/2017 | 2:22:26 PM
Excellent!
This dovetails nicely into what I have thought all along. Penetration Testing shouldn't be a twice-a-year endeavor; instead, Red Teams should be constantly attacking the environments they are protecting. There is no such thing as a static environment, and new vulnerabilities are being found all the time!
danelleau1,
User Rank: Author
12/9/2015 | 2:35:51 PM
Re: Cyberattack Simulation Service
theb0x - I understand your question now. You are correct, it would not make sense to simulate "reconnaissance". But reconnaissance isn't the only way to attack an organization, i.e. insider threats etc. It is important to validate lateral movement and data exfiltration as well.

As for the architecture, there are various deployment options available. The SaaS model is the vThreat model; talk to Marcus. We (SafeBreach) have an on-premise model that doesn't require SaaS. Happy to chat offline.
theb0x,
User Rank: Ninja
12/9/2015 | 9:57:06 AM
Re: Cyberattack Simulation Service
The first phase of any cyberattack is always reconnaissance. This is public information gathered about the company. The second phase is enumeration. This is where systems can be port scanned and the querying of individual services is performed to identify specific systems of weaknesses. It is not until the exploitation phase is launched that the information identified as weaknesses can actually be confirmed.

A simulation of this does not really confirm any weaknesses discovered. There is also a high probability of false positives.

A cyberattack does not involve deploying SaaS agents internally to the network to gather information. This is not how reconnaissance and enumeration are performed. Also, loading such an agent may very well be exploitable by an actual attack through its own weaknesses.
danelleau1,
User Rank: Author
12/9/2015 | 4:00:18 AM
Re: Cyberattack Simulation Service
It's different from vulnerability assessment. Here you are simulating the actions of an attacker, and the breach methods used may or may not take advantage of a vulnerability. It's more like an automated red team on a platform. 
theb0x,
User Rank: Ninja
12/8/2015 | 12:27:01 PM
Cyberattack Simulation Service
How is this any different than a vulnerability assessment? No exploits are actually launched and the probable damage is based on the value of a company's assets and the severity of a successful attack. That's what CVEs are for. Even running scans on a production network can have a negative impact depending on how many nodes and how aggressive it is. Even without using any exploit code things can and will still break.
Sara Peters,
User Rank: Author
12/4/2015 | 11:35:55 AM
Good news for SMBs
This is something that SMBs could actually afford, and might teach them more about security than the average static monitoring software. But it could also be good for the larger companies if they actually do use it as an "in-between pen tests" maintenance tool. 
Joe Stanganelli,
User Rank: Ninja
12/3/2015 | 5:36:28 AM
Counter to M&M Security
Sounds like a great service lest we become too complacent about M&M security (hard on the outside, soft inside). Security is not just about the outer gates; it's about everything that happens within the walls as well.
danelleau1,
User Rank: Author
12/2/2015 | 4:26:30 PM
Attack Validation
If attackers are being successful, it makes sense to play that role. Attack validation allows organizations to adopt an offensive security mindset in the right way (i.e. without the implications and potential legal backlash from fighting back against attackers), and complements existing security solutions. 

