Breach and Attack Simulation Services
By Peter Theobald | March 9, 2018
Corporates are investing a significant part of their IT Budget on Security – but the question that is always on their mind is – Are we Secure? Is the money that we have invested in security solutions, giving us the security we need? Or are there still gaps, which can be exploited by malicious software or hackers?
One way of figuring this out is to wait for an actual attack, but obviously, that is not desirable since it can have an impact on the organisation and the end users. Even if the organisation’s defences were able to thwart that one attack, that is not a guarantee that others will be blocked with equal efficacy. What is therefore needed is a comprehensive test of the security solutions deployed in the organisation against the common threats that are out in the wild, to see if the security solutions are performing as expected – but at the same time ensuring that the organisation is not exposed to any risk during the test. Breach and attack simulation services offer exactly this kind of assurance. The most common approach is to test the three main vectors – Email, Web Browsing, and Web Application.
For email, a test id is set up, and thousands of malicious email samples are sent to this email id. Since there is no one using this id, there is no risk to the organisation, but what is being checked is, how many of these emails are blocked by the email security solution deployed in the organisation. A similar test is done to test the effectiveness of the Content Security Solution. A small agent is installed on a system, and this agent attempts to contact thousands of malicious websites – an activity that is supposed to be blocked by the Content Security Solution. We then keep track of how many of these attempts were blocked and how many were successful – which gives us a very good idea of the effectiveness of the deployed solution.
The Web Application Firewall (WAF) in place can also be tested. Common Web App attacks are simulated against a test application, to see how many attacks are blocked by the WAF and how many are able to get through.
Once the tests are completed, a comprehensive report is provided to the customer, which indicates how the security can be improved. At times this requires an installation of a new product since the existing solution is unable to provide the desired level of protection. But more often than not, the recommendation is for a configuration change to the existing solution. This simple and zero-cost remedy helps you get more value out of your existing investment in Network security.
Additional tests can also be run as per the customer’s requirements. For example, a ‘Lateral Movement Test’ can verify, that if one particular system in your network is compromised, how far can the threat spread within your network from that single system? An “Immediate Threat Check” is also very useful. Every other day the CIO or CEO wakes up to a newspaper headline about a new threat. But is our organization protected against it? Again, there is no need to wait for that attack to happen, but a simple check can be run to see if your existing security solutions are capable of blocking that threat.
In partnership with Cymulate from Israel, Hitachi Systems Micro Clinic is providing an automated portal which can run breach and attack simulations on customer systems as per their requirement. Typically, the test runs in two sets, the first test gives an idea of the effectiveness of the current systems and gaps found. The issues highlighted are corrected and the test runs again to ensure that the gaps are closed. The tests can be repeated every month or every quarter as desired.
Would you like to test the effectiveness of your Network Security? Hitachi Systems Micro Clinic is providing a ‘Free of Cost’ assessment of the three main vectors – Email, Web Browsing and Web Application. While this will be a limited assessment using about a hundred threats rather than the thousands that are used in an actual simulation, it will still give you a very good idea of the current security posture of your organisation against these vectors and will highlight the further course of action required. This is a completely remote assessment and no hardware will be required at your end.
To know more, reach us at marketing.mc@hitachi-systems.com