Reviewed by Matthew Hreben & Michael Diehl
Product: Threatcare App
Price: $50/month or $395/year for the app and $225/month or $1,995/year for the add-on agent.
What it does: Attack simulation platform that focuses on multiple attack vectors.
What we liked: Threatcare App is portable and can be run from a mobile workstation. This tool shows a lot of promise for organizations of any size as well as the MSSPs that support them.
Companies that invest millions of dollars in cybersecurity are confronted with a serious question: Does the technology actually work? It is therefore no surprise that security professionals within these organizations wish to test their security posture in real time. The ideal solution should work equally well for individual analysts and across large enterprises. This is the balance that Threatcare seeks.
Whereas many products in this space focus on server-based appliances, Threatcare’s attack and breach solution begins with a desktop application. This standalone approach is different in that it allows a single administrator to leverage the simulation, along with other techniques, to test network security with or without an internet connection.
Threatcare App is efficient not only for cybersecurity practitioners but also for consultants who need a fast, comprehensive, and accurate point-in-time simulation tool with which to test network infrastructure but lack the ability to deploy a more integrated system. The solution functions as a command center with automated cybersecurity testing simulations right out of the box, offline testing, custom techniques, protection testing, custom playbook creation and integration with Mitre Network’s ATT&CK framework.
This non-profit, community-driven entity provides a repository of Adversarial Tactics, Techniques, and Common Knowledge and categorizes the behaviors and plans of the enemy into 11 groups to better assess and correlate to a network’s particular gaps and weaknesses. By exploring technical descriptions, indicators of compromise, and potential mitigations, analysts are better informed about how an adversary could gain access, lurk about a network or exfiltrate information. More importantly, ATT&CK draws a map so the same analysis allows the security team to devise and plan a simulation.
Threatcare simulations start as techniques, the same invasive behaviors and strategies that have been observed and recorded in real attacks. Each technique imitates an individual attack scenario, while a simulation relies on a Threatcare playbook. A playbook is a string of techniques that deploy sequentially across multiple vectors. Several playbooks come out of the box, but customers can create custom playbooks.
For scenarios that span environments beyond a single network, Threatcare offers its agent add-on product. Threatcare App remains the control hub, but the focus is on automated playbook initiation on the remotely installed agents. Users choose a preferred time and date and the playbook they wish to run on the respective agents, with a plan of attack suitable to testing that separate environment. Threatcare agents are especially useful for consultants or MSSPs who work with multiple clients and need to control agents on multiple client networks, or for enterprises with a number of networks that involve IT/Cloud assets that need to be monitored. This is exponentially more efficient.
Support for Threatcare is available online 8/5.