If you like really innovative – and useful – cyber defense tools, you will love SafeBreach. We read the background information on this one and, frankly, our first question to the company was: “How is this not just a fancy penetration testing tool?” As it turned out, the answer came very quickly; in fact, within moments of turning the tool on. And the answer? The two types of tools don't even play in the same ball park.
The whole idea behind SafeBreach is that it provides an attacker's view of the enterprise. A major issue in pen testing is exploitability. It's one thing to have a report full of vulnerabilities, but if they cannot be exploited the risk is lower. The problem is that exploitability – once the province of human hackers – is now at least as much the province of malware or, more commonly, malware working in combination with humans.
Product: SafeBreach Continuous Security Validation Platform
Price: Depends on number of simulators deployed.
What it does: Simulates and validates breaches so that security teams can architect defenses more effectively and recover from events more rapidly.
What we liked: The whole idea of simulating all possible breaches in a given environment.
The bottom line: This is a very cool product and it definitely is not your typical pen testing tool. Characterizing SafeBreach in that manner is a bit like saying the QE II is a boat.
Using its “Hacker's Playbook,” SafeBreach develops breach scenarios specific to your environment and then runs them as simulations. By correcting the problems the tool finds and re-running the scenarios, you secure your enterprise iteratively; that is continuous improvement rather than the point-in-time snapshot a simple pen test gives you. It's no secret that attackers are evolving constantly; your enterprise defenses need to as well.
SafeBreach Continuous Security Validation Platform consists of two parts: the Orchestrator (cloud) and Breach Simulators (on-premises). Together they try to answer the question: “How safe am I?” When you start up the tool, you drop into the dashboard. This is broken down into Critical Services Breached, Infiltration and Data Assets Exfiltrated. Immediately you're playing on a real-world playing field. This is not just about which devices or applications are vulnerable or exploitable. This is about what it takes to steal the crown jewels. If this sounds a bit like war games to you, you're right on target.
The tool builds what might be thought of as “scenario maps.” These maps look at your enterprise, find the points where assets are most at risk and then figure out how to do damage. Damage might be exfiltrating credit cards or breaching a production database. At each step you can drill down for an increasing level of detail. Things such as lateral movement are important parts of a successful breach and are equally important parts of breach scenarios. Each scenario can have multiple breach methods, and there are hundreds of thousands of scenarios with new ones added weekly.
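To make the scenario-map idea concrete, here is an added example (our own illustration, not SafeBreach code and not how the product is implemented internally). It models an environment as a graph whose edges are breach methods, enumerates every path from an entry point to a crown-jewel asset, ranks the methods by how many scenarios they enable, and re-runs after a simulated fix. The hosts, methods and the "fix one method everywhere" remediation are all constructed for the example.

```python
from collections import Counter, defaultdict

# Constructed sample environment (not SafeBreach data): each edge is a breach
# method that lets an attacker move from one host to another.
SAMPLE_EDGES = [
    ("internet", "web01", "phishing"),
    ("web01", "app01", "reused-admin-password"),
    ("app01", "db01", "smb-lateral-movement"),
    ("web01", "fileshare", "smb-lateral-movement"),
    ("fileshare", "db01", "stolen-service-account"),
]
CROWN_JEWELS = {"db01"}  # the production database holding card data


def build_graph(edges):
    graph = defaultdict(list)
    for src, dst, method in edges:
        graph[src].append((dst, method))
    return graph


def find_breach_paths(edges, entry, targets, max_depth=6):
    """Enumerate simple paths from the entry point to any target asset.

    Each path is one breach scenario: a chain of (from, to, method) hops
    that ends at a crown jewel. Depth is bounded so enumeration stays
    finite on large graphs."""
    graph = build_graph(edges)
    scenarios = []

    def walk(node, path, visited):
        if node in targets and path:
            scenarios.append(list(path))
            return
        if len(path) >= max_depth:
            return
        for dst, method in graph[node]:
            if dst in visited:          # no cycles: simple paths only
                continue
            path.append((node, dst, method))
            walk(dst, path, visited | {dst})
            path.pop()

    walk(entry, [], {entry})
    return scenarios


def rank_methods(scenarios):
    """Count how many scenarios each breach method appears in, most common
    first: the method present in the most paths is the cheapest fix."""
    return Counter(m for path in scenarios for _, _, m in path).most_common()


def remediate(edges, method):
    """Model fixing one breach method everywhere (e.g. blocking SMB between
    tiers) by dropping its edges; re-run find_breach_paths on the result."""
    return [e for e in edges if e[2] != method]


if __name__ == "__main__":
    before = find_breach_paths(SAMPLE_EDGES, "internet", CROWN_JEWELS)
    print(f"{len(before)} scenario(s) reach {sorted(CROWN_JEWELS)}")
    for path in before:
        print("  " + " -> ".join(f"{s}-[{m}]->{d}" for s, d, m in path))
    print("methods by scenario count:", rank_methods(before))
    after = find_breach_paths(remediate(SAMPLE_EDGES, "smb-lateral-movement"),
                              "internet", CROWN_JEWELS)
    print(f"after blocking SMB lateral movement: {len(after)} scenario(s)")
```

In the sample graph two scenarios reach db01, and both lean on SMB lateral movement, so removing that one method closes every path, while fixing the reused admin password alone still leaves the route through the file share. That is the remediate-and-re-run loop the review describes, reduced to its logic.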
Because malware plays heavily in real breaches, it is important to take that into account in a simulation. However, it would be a very bad idea to turn live malware loose on a production network just to see what happens. So SafeBreach has created models that demonstrate the behavior of malware – without resorting to the use of malware.
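The principle of exercising malware behaviour without malware can be shown with a small added example of our own (not SafeBreach code, and not a claim about how its simulators work). A DNS-tunnelling exfiltration tool chunks data into subdomain labels of a domain the attacker controls; the simulator below produces exactly the query names such a tool would emit but never resolves or sends anything, and a toy detection rule is then checked against them and against a set of benign names. The domain collector.example, the sample payload (SHA-256 output standing in for an encrypted archive) and the detection thresholds are all constructed for the example.

```python
import base64
import hashlib
import math
from collections import Counter

# Assumption: placeholder attacker domain. Nothing is ever resolved or sent.
ATTACKER_DOMAIN = "collector.example"

# Constructed benign names that a sound rule must NOT flag.
BENIGN_QUERIES = [
    "www.example.com",
    "mail.example.com",
    "cdn-assets-prod.cloudfront.net",
    "api.github.com",
]


def constructed_payload(n_blocks=4):
    """Deterministic stand-in for exfiltrated data. Real exfil tools usually
    encrypt before tunnelling, so the bytes look random; chained SHA-256
    digests reproduce that property offline (128 bytes for n_blocks=4)."""
    return b"".join(hashlib.sha256(b"safebreach-demo-%d" % i).digest()
                    for i in range(n_blocks))


def simulate_dns_exfil(data, domain=ATTACKER_DOMAIN, chunk=32):
    """Return the query names a DNS-tunnelling exfil tool would emit:
    base32-encoded data split into fixed-size labels, prefixed with a
    sequence number so the receiver can reassemble. No network I/O."""
    encoded = base64.b32encode(data).decode().rstrip("=").lower()
    return [f"{i // chunk}.{encoded[i:i + chunk]}.{domain}"
            for i in range(0, len(encoded), chunk)]


def shannon_entropy(text):
    counts = Counter(text)
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def is_suspicious_query(name, min_label_len=20, min_entropy=3.0):
    """Toy detection rule: any subdomain label (registered domain and TLD
    excluded) that is both long and high-entropy. Thresholds are assumed."""
    labels = name.split(".")[:-2]
    return any(len(l) >= min_label_len and shannon_entropy(l) >= min_entropy
               for l in labels)


def validate_detection(queries):
    """Run the simulated traffic through the rule and report coverage: the
    fraction of simulated exfil queries the rule would have caught."""
    hits = [q for q in queries if is_suspicious_query(q)]
    return {"queries": len(queries), "detected": len(hits),
            "coverage": len(hits) / len(queries) if queries else 0.0}


if __name__ == "__main__":
    names = simulate_dns_exfil(constructed_payload())
    print(names[0])
    print(validate_detection(names))
    print("benign flagged:", [q for q in BENIGN_QUERIES if is_suspicious_query(q)])
```

Running it shows the rule catches the six full-length chunks but misses the short trailing chunk, so coverage is 6/7 rather than 100 percent: the kind of gap a simulation surfaces that a vulnerability report never would, and one you would close by adding a per-domain query-volume rule rather than by loosening the label rule (which would start flagging the benign names).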
Setting the tool up is simplicity itself. All you need is the IP of the management server and the Continuous Security Validation Platform does the rest. Even though there are lots of scenarios provided, you can fine-tune them for even more customization within your enterprise. The tool integrates with Splunk, so if you're a Splunk shop you have even more power available. As you remediate, you continue to run scenarios – taking into account that there are new ones weekly to keep up with the bad guys.
There are lots of different views of the overall process. One we especially liked was Insights. This is a graphical view of what assets and services are most at risk. Think of a heat map with attack surface on the vertical axis and number of locations on the horizontal axis. It's hottest in the upper right-hand corner, where the attack surface is greatest and the number of locations is as well. That quadrant is not where you want to be. You want to move as many assets and services to the lower left corner as you can. This is a presentation that is useful from a practical standpoint and easy to understand and explain to non-technical management.
Overall, we enjoyed working with this one. Pricing is very flexible depending on what you want in your package, and support is right where it needs to be.