The MITRE ATT&CK heat map in the SafeBreach Platform lets security pros make deep dives into an environment’s strengths and weaknesses (Source: SafeBreach)

Vendor: SafeBreach

Price: N/A – Based on the size of deployment

Contact: www.safebreach.com

Quick Read 

What it does: SafeBreach Platform automatically executes thousands of breach methods from an extensive playbook of research and real-world investigative data and prioritizes remediation activities based on business risk.

What we liked: The hacker playbook, which identifies more than 15,000 different attack methods, and SafeBreach’s dedicated threat intelligence team, which constantly adds new attacks and indicators of compromise to this already comprehensive platform.

SafeBreach Platform automatically executes thousands of breach methods from an extensive playbook of research and real-world investigative data and prioritizes remediation activities based on business risk. It offers a “hacker’s view” of security postures that enables proactive attack prediction and security control validation. Displaying exposures alongside actionable data results empowers analysts with the information necessary to efficiently drive holistic remediation.

The hacker playbook identifies more than 15,000 different attack methods, and SafeBreach’s dedicated threat intelligence team constantly adds new attacks and indicators of compromise to this already comprehensive platform. Simulations run on all or select simulators and use thousands of known threat indicators and attack behaviors to validate and improve security controls. They also provide security teams with enriched data and actionable information, including various insights on security categories and exposure levels, that prioritize remediations according to business impact.

Easy integrations with SIEM and SOAR platforms streamline security optimization, configuration and remediation. SafeBreach also supports integrations with workflow management systems to conduct full orchestration on remediation and validation, correlating events and reporting on them.

The dashboard contains a lot of useful information, including designated risk scores based on several customizable criteria thresholds. The homepage displays the network zones in which different simulators are deployed and the identities of servers that have crown jewels. Explorer View gives an attacker perspective that reveals different attack paths that may allow movement into and across an infrastructure. Lightbulb icons in Explorer View link directly to Insights, a feature that breaks down the number of attacks, the vulnerabilities that have caused them and the remediation responses that will most likely disrupt an attack path before exfiltration and lateral movements can take place.

The MITRE ATT&CK heatmap has several filter options, making navigation simple. These options also enable deep, investigative dives into various tactics and techniques to gain insight into the strengths and weaknesses of an environment’s security. Each component of the heatmap has drilldown capabilities that lead to even more detailed information.

Reports outline an attack surface perimeter according to the total number of simulations performed and selected. The reports clearly identify the locations of most threat exposures, as well as the threat groups or attack types that remain vulnerable to such exposures. The Known Attack Series Reports demonstrate how a security posture currently stacks up against new known attack series and methods. Analysts may conveniently run simulations based on the new methods that come directly from these reports.

Overall, SafeBreach offers a solid breach and attack simulation tool with a robust playbook of scenarios that effectively tests security controls without weighing down security teams. The simple configurations and intelligence built into the platform can recommend specific test scenarios for analysts, providing comprehensive environmental visibility without contributing to alert fatigue. The MITRE ATT&CK heatmap drives holistic remediation with effective prioritizations and event correlations to help analysts address vulnerabilities quickly and effectively.

SafeBreach bases pricing on the size of the deployment and includes 24/7 support.