Reviewed by Matthew Hreben & Michael Diehl
Vendor: XM Cyber
Price: Based on network size.
What it does: Attack simulation platform with a strong focus on automation.
What we liked: Beautiful UI that allows you to see the “battleground” and watch how an attack could spread through the environment.
HaXM is a substantive effort by XM Cyber to be at the forefront of advanced persistent threat (APT) simulation platforms that continuously expose all attack vectors, above and below the surface, from breach point to any organizational critical asset. The solution combines various components but essentially weaves together three sets of automated technologies: a vulnerability assessment and management tool, penetration testing services built upon hacker methods and toolkits, and machine-driven purple teaming.
At the heart of HaXM is a server that connects to sensors deployed in the target environment, be it one network or multiple. Through the simulated attacks, HaXM demonstrates how adversarial efforts are able to compromise an organization’s security stack and posture. The most attention is paid to the critical assets most affected during the attack. Equally important is how the intrusion took place: whether data was exfiltrated, whether credentials were appropriated, and what damage was caused by lateral movement through the production environment.
A key concept related to these simulated breaches is what XM Cyber calls “network superiority.” The solution correlates system compromise to a threshold of 80 percent of the sensors placed on the infrastructure. If an attack campaign gains access beyond this threshold, it is considered to have achieved network superiority, and the client’s SOC should prioritize remediation of the relevant gaps that have been identified.

One of HaXM’s standout features related to post-attack analysis is the forensic timeline function, which provides the ability to review the attack timeline from completed simulations. Analysts can replay the attack and see how the platform exploited the environment in a sequential chain of events. We consider this feature exceptional because it clears the path to both standard best practices and actionable suggestions with differing degrees of mitigation/removal.
XM Cyber claims that the solution takes a new approach to provide more value than merely isolated security controls validation. The company maintains a first-rate catalog of adversarial methods and techniques from which it draws its simulations’ game plans. This database is continuously updated by the company’s research arm, Israel-based XM Labs, and kept current with all manner of real-world emerging threats. This blending of both attack and mitigation into an automated solution is what XM Cyber champions as the complete APT concept, compared to traditional pen testing. Similar testing approaches within this security space will discover gaps but rely too heavily on the skills and speed of a pen tester. Because an organization’s network tends to change rapidly, exposing new attack vectors, this is a flawed concept. In contrast, HaXM is an automated purple team that conducts multiple red-minded attack scenarios quickly and efficiently, followed by defensive blue team posturing that automatically prioritizes critical actions.
Support offerings span four tiers of response and escalation requirements.