MENLO PARK, CA –January 26, 2016 – SafeBreach, a leading innovator of enterprise breach validation, today officially announced the company and the general availability of its platform. Founded by former LivePerson CSO Guy Bejerano and renowned security researcher Itzik Kotler, SafeBreach enables any size organization to precisely and continuously quantify the risk of breaches from specific attack scenarios, harden infrastructure, and achieve greater ROI from current security investments. Recognizing its innovation, the company will be featured as one of the Top 10 Finalists in the Innovation Sandbox ‘Most Innovative Startup’ Contest at the RSA Conference 2016, taking place on February 29, 2016 at the Moscone Center in San Francisco.
Despite nearly $70 billion in security investment, organizations continue to be besieged by attacks, pummeled by breaches and mired in cleaning up the aftermath. The 2015 Verizon DBIR report highlights that in 60 percent of breaches, attackers were able to compromise organizations within minutes, and these breaches remain undiscovered for weeks and/or months. While innovation abounds in security solutions, it also expands the universe of product and services an organization must maintain and manage. Adding to that, the constant updating, patching and testing of software and infrastructure and it creates too many holes to plug, with too few people and too little time.
Recognizing these challenges, SafeBreach has delivered a platform to better inform defense, one that looks at how a potential attacker views, prioritizes and targets an infrastructure and then how they reach their ultimate target. SafeBreach’s breach validation platform continuously executes scenarios—based on extensive security research and drawing from actual investigations—to simulate real attacks and determine actual risk.
“As we move from perimeter defense to borderless security, I love that SafeBreach can be the ‘ubiquity platform’ running at every segment of my data center. These are not just ‘war games’ we are playing; this is removing the blindfold and really identifying our blind spots,” said Nir Botzer, CISO at Clarizen.
With customers spanning highly targeted sectors such as high-tech, financial services and retail, early SafeBreach deployments found a range of causes that left all organizations of all sizes open to data exfiltration with relative ease. Ignoring common security best practices and lack of layered defenses were major reasons behind successful compromise. Additionally, in many cases, extremely effective, next generation security solutions were rendered weak by IT misconfiguration. In one particular deployment, errors allowed SafeBreach to bypass malware sandboxing solutions in less than two hours.
Unlike static penetration testing or vulnerability management that look for, and at, specific weaknesses, SafeBreach’s platform looks at vulnerabilities and weaknesses in the context of the systems they inhabit and the network relationships they affect, to see how an actual attack could play out—and how far it could go. By doing so, it allows organizations to more intelligently make adjustments and enact fixes to not only close holes in the infrastructure but disrupt and disable paths that could enable greater compromise.
SafeBreach customers benefit from:
- Continuous Validation – Configured to run cyberwar games for continuous validation. SafeBreach is “always on” to keep pace not only with evolving adversarial tactics but also a constantly changing risk profile from new users, applications and devices.
- Actionable Insights – Offers CISOs and security analysts context-rich details of the building blocks that could create a breach event, specific to an organization’s environment. This informs more specific and targeted actions to prevent or mitigate impact.
- Complete Coverage – Comprehensive visibility and validation across cloud, network and endpoints. SafeBreach can also be used to validate security and compliance controls for data protection, segmentation between security zones/networks and third party integration.
“Companies don’t need to understand adversaries as much as they need to understand how adversaries view them,” commented Bejerano. “SafeBreach allows CISOs and security analysts to understand their risks from a hacker’s point-of-view. For the first time, we give defenders a way to validate their security controls and the benefit of time to address critical issues.”
Availability and Pricing
The SafeBreach platform is available immediately as Software as a Service (SaaS) or on premise, with pricing based on the number of simulators. In a SafeBreach deployment, breach simulators perform the role of the attacker and play war games within an organization’s actual infrastructure and security solutions—without impacting network performance or exposing assets. The SafeBreach orchestrator manages the network of breach simulators and serves as the central management point from which attack scenarios are executed and analyzed for success, and from which patterns can be tracked over time.
For a free assessment of enterprise security risks, please register at www.safebreach.com.
Funded by Sequoia Capital and Shlomo Kramer, SafeBreach is a pioneer in the emerging category of breach validation. The company’s groundbreaking platform provides a “hacker's view” of an enterprise’s security posture for total and continuous security assessment, validation and reporting. SafeBreach automatically executes breach methods with an extensive and growing Hacker’s Playbook™ of research and real-world investigative data. For more information, visit www.safebreach.com or follow on Twitter @SafeBreach.