Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Database Security
Authentication
Mobile
Privacy
Compliance
Careers and People
Identity & Access Management
Security Monitoring
Advanced Threats
Insider Threats
Vulnerability Management
Comments
Startup Offers Free Cyberattack Simulation Service
Newest First  |  Oldest First  |  Threaded View
jeromeo1969
jeromeo1969,
 User Rank: Apprentice
2/9/2017 | 2:22:26 PM
Excellent!
This dovetails nicely into what I have thought all along. Penetration Testing shouldn't be a twice a year endeavor, instead Red Teams should be constantly attacking the environments they are protecting. There is no such thing as a static environment, and new vulnerabilities are being found all the time!
danelleau1
danelleau1,
 User Rank: Author
12/9/2015 | 2:35:51 PM
Re: Cyberattack Simulation Service
theb0x - I understand your question now. You are correct, it would not make sense to simulate "reconnaissance". But reconnaissance isn't the only way to attack an organization, i.e. insider threats etc. It is important to validate lateral movement and data exfiltration as well.

As for the architecture, there are various deployment options available. The SaaS model is the vThreat model, talk to Marcus. We (SafeBreach) have an on-premise model that doesn't require SaaS. Happy to chat offline. 
theb0x
theb0x,
 User Rank: Ninja
12/9/2015 | 9:57:06 AM
Re: Cyberattack Simulation Service
The first phase of any cyberattack is always reconnaissance. This is public information gathered about the company. The second phase is enumeration. This where systems can be port scanned and the querying of individual services are performed to identify specific systems of weaknesses. It is not until the exploition phase is launched where the information identified as weaknesses can actually be confirmed. 

A simulation of this does not really confirm any weaknesses discovered. There is also a high probability of false positives.

A cyberattack does not involve deploying SaaS agents internally to the network to gather information. This is not how reconnaissance and enumeration are performed. Also loading such an agent may very well be exploitable by an actual attack through it's own weaknesses. 

 

danelleau1
danelleau1,
 User Rank: Author
12/9/2015 | 4:00:18 AM
Re: Cyberattack Simulation Service
It's different from vulnerability assessment. Here you are simulating the actions of an attacker, and the breach methods used may or may not take advantage of a vulnerability. It's more like an automated red team on a platform. 
theb0x
theb0x,
 User Rank: Ninja
12/8/2015 | 12:27:01 PM
Cyberattack Simulation Service
How is this any different than a vulnerability assessment? No exploits are actually launched and the probable damage is based on the value of a company's assests and the severity of a successful attack. That's what CVEs are for. Even running scans on a production network can have a negative impact depending on how many nodes and how aggressive it is. Even without using any exploit code things can and will still break.
Sara Peters
Sara Peters,
 User Rank: Author
12/4/2015 | 11:35:55 AM
Good news for SMBs
This is something that SMBs could actually afford, and might teach them more about security than the average static monitoring software. But it could also be good for the larger companies if they actually do use it as an "in-between pen tests" maintenance tool. 
Joe Stanganelli
Joe Stanganelli,
 User Rank: Ninja
12/3/2015 | 5:36:28 AM
Counter to M&M Security
Sounds like a great service lest we become to complacent about M&M security (hard on the outside, soft inside).  Security is not just about the outer gates; it's about everything that happens within the walls as well.
danelleau1
danelleau1,
 User Rank: Author
12/2/2015 | 4:26:30 PM
Attack Validation
If attackers are being successful, it makes sense to play that role. Attack validation allows organizations to adopt an offensive security mindset in the right way (i.e. without the implications and potential legal backlash from fighting back against attackers), and complements existing security solutions. 


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Promise and Reality of Cloud Security
Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises address the associated security risks. This report - a compilation of cutting-edge Black Hat research, in-depth Omdia analysis, and comprehensive Dark Reading reporting - explores how cloud security is rapidly evolving.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-25012
PUBLISHED: 2023-02-02
The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.
CVE-2022-37034
PUBLISHED: 2023-02-01
In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download a large file. If done repeatedly, this will result in Tomcat request-thread exhaustion and ultimately a denial of any other requests.
CVE-2023-0599
PUBLISHED: 2023-02-01
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of JavaScript request string sanitization. Using this vulnerability, an authenticated attacker can execute arbitrary HTML and script code in the target browser against another Metas...
CVE-2023-23750
PUBLISHED: 2023-02-01
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling of post-installation messages.
CVE-2023-23751
PUBLISHED: 2023-02-01
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.