Vendor: XM Cyber
Price: Yearly license based on network size.
What it does: Leverages simulations with Purple Team functionality to continuously expose all attack vectors and provide security teams with prioritized remediations.
What we liked: Simulations that can be replayed for step-by-step analysis, the beautifully designed interface and the different methods of visualizing attack paths (particularly the Battleground Screen).
HaXM is a fully automated APT simulation platform with Purple Team functionality that continuously exposes all attack vectors from the perspective of an attacker, assisting security teams in staying ahead of threats with ongoing prioritized remediations.
XM Cyber sees the breach and attack simulation sector as broken into two types of products: those that serve as security control validation products and those that conduct automated pen testing. HaXM sits somewhere in between the two, providing a more holistic perspective of an attack surface and how an attacker could travel from a breach point, prioritizing remediations and offering up actionable mitigation suggestions. By mimicking the behaviors of a real hacker, HaXM continuously looks at a network from an adversarial viewpoint in a way that is fully secure and accurate.
The solution records every simulation the system runs. They can be replayed to see what unfolded step by step to understand how an attacker might behave in a network. The adversarial perspective is displayed in the Battleground Screen which shows the paths a virtual attacker used to travel all the way from a breach point to a critical asset. A pane on the screen shows where the movements took place, when, what happened and which users were compromised.
Being able to safely, accurately and continuously test a network to gain visibility into attack vectors is only half the battle. HaXM closes the gap to remediation with a report that’s generated after a simulation. Using this report, analysts can see how much of the network and assets were compromised, how long it took the system to execute and the Asset Findings.
The Asset Findings show everything that helped an attack traverse from a breach point to critical assets. Analysts can drill into the findings for more granular information – each contains a remediation section with suggestions like best practices for what needs to be done to better protect assets as well as actionable advice with remediation options that have been tailored to your environment.
Over the past year, XM Cyber has added many capabilities to HaXM, including a macOS agent, the ability to add security controls to a test to see how they react, and the ability to see multiple attack vectors. Being able to see more attack paths improves prioritization. Analysts can use the reports to see multiple attack vectors, not just the vectors most likely to be taken. More capabilities, including cloud-based attack simulations, are on the horizon, XM Cyber tells us.
HaXM continuously identifies attack vectors to target assets and prioritizes actionable remediation so companies can optimize their resources and reduce IT hygiene risk. The product’s functionality and beautiful, intuitive interface make it a worthy contender in this emerging space.
Starting subscription price varies based on network size. Premium and Standard Support are offered at four levels of severity, each with different response times.
Tested by Matthew Hreben