SafeBreach

 

SafeBreach is the world's most widely used breach and attack-simulation platform in enterprise companies. The company's patented platform provides a "hacker's view" of an enterprise's security posture to proactively predict attacks, validate security controls, and improve security operations center (SOC) analyst response capabilities. SafeBreach automatically and safely executes thousands of breach methods validating network, endpoint, cloud, container and email security controls by leveraging its extensive and growing Hacker's Playbook™ of research and real-world investigative data.

 

How it Works

Maximize the effectiveness of your security controls

 

Continuous Security Control Validation

Maximize the efficiency and effectiveness of the security controls you already have and optimize your security spend.

• Attack
• Visualize
• Prioritize
• Remediate

 

Test your defenses

Execute attacks safely and continuously, triggering your security controls to identify what will be prevented, detected, or missed.

 

SafeBreach Platform

 

 

Comprehensive Threat Assessment

Move to proactive security by combining threat intelligence, vulnerability management and attack scenarios

 

Reveal Your Actual Risk by Creating Synergy Between Siloed Security Solutions

Integration of threat intelligence and vulnerability management solutions with SafeBreach's platform gives you visibility into your security posture against specific threats. SafeBreach enables you to focus on the highest-risk attacks. It quickly and effectively reveals how your security controls will stand up to specific attacks to show how each threat would impact the business. Not only is the potential impact of each attack defined, but SafeBreach also tells you how to correct your security controls to reduce the impact and mitigate overall risk.

 

 

Recent Releases

Learn about what's included in our recent releases.

 

Flexible Dashboards

Build Rich Visualizations In Just A Few Clicks

With SafeBreach Dashboards you can transform your testing data into actionable visualizations in order to:

• Align security investments to your business goals
• Track key business units with metrics and see trends over time
• Identify outliers and discover hidden insights
• Share reports with stakeholders across the organization

 

Using SafeBreach Flexible Dashboards to Enable The Business

 

SafeBreach Flexible Dashboards for Comprehensive Reporting, Accountability of Cybersecurity

One of the greatest challenges faced by CISOs is translating security and operational data to reflect business goals and objectives in a coherent way. Doing so is critical in achieving alignment on goals and the establishment of key performance indicators (KPIs). Even more crucially, executives and stakeholders need visibility into ongoing operational and security risks if in order to make the right decisions to minimize risk and to understand the impact of their decisions, in near real-time.

 

Build Rich Visualizations of Any Security Aspect In A Few Clicks

Flexible Dashboards is a comprehensive reporting infrastructure that allows our users to visualize and report on any security and risk metrics measured by the SafeBreach platform. With Flexible Dashboards, CISOs and security leads can build dashboards with rich charts and graphs in a few clicks or tap into a growing library of pre-configured dashboards and widgets for well-known metrics.

 

Why Flexible Dashboards Drive Better Focus, Better Business Results

The smartest organizations understand that focus is the key to effective security and risk reduction. Even the best security teams with the best controls cannot offer 100% protection against every attack. Once an organization deploys SafeBreach, they gain the revolutionary ability to test the security infrastructure continuously. This allows them to validate assumptions and generate reliable and objective metrics that can be used for strong KPIs that track not only security resilience but also broader business outcomes. Making security stance measurable and visible enables laser focus on the right actions and remediations. More focus also drives smarter investment, either in manpower or changes to controls.

 

Flexibility enables focus, which is why we built dashboards to be extremely flexible. Flexibility in how security is visualized and reported is crucial to aligning stakeholders with security and business goals and providing them with the right information view to drive their actions. Having the flexibility to measure and report on the metrics that matter for a specific stakeholder or role enables everyone to focus on the right things and undertake the actions that move the needle on metrics and KPIs. For example, a Director of IT may benefit from insights as to what percentage of users have deployed VPNs for remote work but would not need to know whether a new Advanced Persistent Threat technique could crack a network firewall. A security team analyst focusing on threat analysis would benefit from understanding which APT techniques are not well covered by security controls and how many of the highest priority APT playbooks are blocked at any given point in time. Flexible dashboards accommodate these types of differences, and much more.

 

Export, Share Dashboards to Customize Stakeholder Views

Flexible Dashboards is a complete dashboard and reporting infrastructure designed for customization, sharing and publication. Any dashboard can be exported, embedded or shared. This allows for numerous potential views of security stance and risk metrics, customized to stakeholder role and responsibility. With our dashboards, reporting and tracking KPIs as business goals facilitates effective communication between security and business. It also aligns security investment to maximize business impact results by clarifying focus on the right areas and managing security budgets effectively and efficiently.

 

How Customers Are Using SafeBreach Flexible Dashboards

Our customers are already embracing Flexible Dashboards to:

• Generate reporting and tracking based on Business Unit, Threat Assessment, Security Control Validation and Asset Protected.
• Combine various data points to visualize key security program metrics including Security Controls, Software Vulnerabilities, MITRE ATT&CK TTPs and threat information.
• Track security KPIs at the stakeholder, BU and organization-wide altitude both over time and in real-time.

 

Some specific use cases of SafeBreach customers include:

• Large insurance provider performs security posture assessment by Business Unit: Results, including security control actions and detection prevention analysis, are published in a dashboard and reported quarterly to the CISO and the Board of Directors as KPIs.

 

 

• Large health care organization reports security stance against APT29, and other threat actors: The organization tracks their security program and testing against specific MITRE ATT&CK Threat Actors, monitoring miss rate over time, identifying top techniques to remediate going forward, and streamlining security area investment and prioritization.

 

 

• Security Test Analysis for Remote Workforce Validation COVID-19 drove changes in the networks of multiple SafeBreach customers, leading them to dashboards to visualize and drive mitigation of resulting risks from remote work.

 

 

As the scope and type of cyber risk expands, CISOs and Boards of Directors are realizing that they must do a better job of managing security and focus on what matters the most. They know they can’t boil the ocean and block everything. They also know they can’t expect stakeholders to wade through reams of charts and data to find actionable information that informs decisions and behaviors. Stakeholders that can see and constantly validate how their actions impact security and business KPIs will be empowered to improve KPI performance. SafeBreach Flexible Dashboards finally make it possible to take the abstractions out of cyber risk and deliver crisp focus that is a pre-requisite to effectively managing security risk and mapping improvements on those risks to real business metrics.

 

Using SafeBreach to stay on top of Cloud Native Security

 

Increasingly, central IT and security teams assume responsibility for security and governance of the public cloud infrastructure in their organizations. As organizations use the cloud for more business-critical and customer-facing applications, the security requirements and concerns associated with that infrastructure mature as well.

 

Public cloud security issues

Cloud security continues to be a top concern for IT organizations. While some security requirements and challenges for public cloud usage are the same as private clouds, others differ.

Challenges specific to security in the public cloud are in four key areas:

• Complexity: The flexibility and elasticity of the cloud infrastructure often enables advanced software architectures, and specifically the use of container-based infrastructure. These architectures involve a larger number of entities and services with independent lifecycles.
• Scale: With a public cloud, the number of entities and the level of legitimate internal communication paths increases significantly. Managing security for a much larger number of entities, each with its development lifecycle, becomes a complex task.
• Pace: The pace of delivery is one of the major drivers for cloud adoption. Applications delivered on the cloud tend to be subject to multiple changes and entail a very high rate of change. Each change may introduce new security vulnerabilities and blind spots, requiring security to adapt quickly.
• Visibility: By design, the underlying infrastructure is not visible and is the responsibility of the cloud provider. Other aspects, such as granting access, securing the application and the hosted OS, remain the responsibility of the cloud user. This shared responsibility model generates a change in workflow for security professionals. A high percentage of security professional’s state visibility is their top concern for securing their cloud.

 

Top security concerns in the cloud

Cloud security professionals focus on protecting their critical data. Whether it is data loss or leakage, or breaking compliance with regards to data privacy and confidentiality, they must keep track of the threats which put at risk their data kept in the cloud. The following threats are the most prevalent and are considered to be the most urgent issues to tackle:

 

Misconfiguration or faulty setup of the cloud platform is the single worrisome issue. Due to the complexity, pace and scale of cloud applications, this has become the underlying cause for security incidents in cloud platforms in recent years. Misconfiguration can relate to granting access, setting policies and configuring the network.

 

Unauthorized access by various attacks on credentials and resulting misuse of employee credentials. This is a major concern because the impact of gaining privileged credentials in a cloud platform can be devastating.

 

Insecure interfaces or APIs involve both cloud infrastructure and application APIs. For example, many of the security incidents in the past few years involved an overly accessible S3 configuration. In addition, many of the cloud applications design involve heavy usage of API-based interaction, where security is often overly permissive.

 

Account, service or traffic hijacking may result in the ability to access data. In public cloud infrastructure, the opportunity to perform such attacks causes concern due to the shared infrastructure and the fact that if access rights are not managed well enough, the impact can be severe. Also, this is an attack vector which starts at the user which is in many cases the weakest link in the chain in terms of security.

 

How SafeBreach can help

Breach and Attack Simulation enables organizations to test their security controls against simulated attacks. SafeBreach BAS platform enables BAS at a scale which is suitable to the challenges of managing cloud security.

• Testing by safely running actual attacks in production allows for understanding what really works and what may be misconfigured. Focusing on the security and impact enables improved security efficiency and faster pace.
• Focusing on security at a cloud scale requires that the most critical items are prioritized and the most impactful actions are taken. By enabling continuous, comprehensive and automated testing, one can obtain the required visibility for this to be effective.
• Continuous validation allows for keeping up with the rapidly changing cloud environment and being notified when something is broken. As with any continuous delivery and integration practice, the security must adopt the same cadence to keep up.
• Automation throughout the process allows security teams to achieve all of this effortlessly. The SafeBreach platform does not require instructions and performs testing fully autonomously. This enables performing all of the above in cloud scale.

 

Use cases for validating cloud native security

The use cases for validating cloud native security include cloud control plane security and container security.

 

Validating cloud control plane security

The cloud control plane includes capabilities that are usually exposed by the cloud IaaS provider API: access management, storage and other services and network configuration. In the shared security responsibility model, the user is responsible for these.

 

The cloud control plane represents a new and [for hackers] lucrative attack surface which is highly susceptible to misconfiguration and human error due to the high complexity of the environment.

SafeBreach BAS is able to interact with the cloud IaaS API and perform various operations which simulate attacker techniques and behaviors in order to validate security policies. The simulations also confirm whether controls are correctly configured to block attacker behaviors and expose where these may deviate from desired configurations.

 

SafeBreach simulation data can translate attack simulation data for threat or risk-based analysis, which is helpful in showing the environment posture in terms of the actual attack surface and threat exposure.

 

Validating container environments in cloud workload security

Container environments represent the infrastructure which enables cloud native architecture. Containers are very useful; they enable organizations to accelerate development processes and shorten software release cycles. 

 

From a security perspective, the container environment behaves differently than traditional environments. Fundamentally, container environments are characterized by a large number of small entities (microservices), interacting with each other in a complex application structure. Each entity requires a different set of security settings.

 

Cloud native security solutions are designed to secure container environments in light of the different architecture and complexities. Such tools focus on specific core areas:

• Microsegmentation
• System configuration enforcement and validation
• Application integrity
• Memory protection

 

Its new container security capabilities make SafeBreach the only BAS platform able to run attacks across the attack surfaces to validate configuration of the relevant security controls. SafeBeach Cloud Native Security capabilities enable users to visualize the entire kill chain of a potential attack on their applications, identify the most critical gaps and holistically remediate them.