Keysight Technologies has announced Breach Defense, a security operations (SecOps) platform designed to improve operational security effectiveness. An integral element of the new platform is the Threat Simulator breach and attack simulation solution which enables network and security operations teams to measure the effectiveness of operational security by safely simulating the latest attacks and exploits on live networks. Security operations teams are faced with an increasingly complex network environment that is continuously under attack by a flood of cyber threats generated inside and outside of their organisations.
According to a recent Keysight Security Operations Effectiveness survey:
- Good security tools don’t always protect as expected: 50% of survey respondents stated they found their security solution was not working as expected after a breach had occurred.
- Most organisations don’t verify their security is working as it should: Only 35% of respondents have test-based evidence to prove their security products are configured and working correctly.
- Most organisations recognise the value of security testing: 86% of respondents stated they would value a solution that finds and helps to remediate vulnerabilities in a company’s security posture.
Testing security capabilities
Threat Simulator uses a series of lightweight agents to simulate attacks on a live network
“An organisation can be safe one day and vulnerable the next. Testing security capabilities at one point in time provides limited visibility to an organisation’s ongoing security posture,” said Paula Musich, Research Director, Security and Risk Management at market research firm Enterprise Management Associates. “At its heart, security is both a people and processes issue."
"By testing defenses on a regular basis using attack simulation, security operations teams can stay on top of changes that can turn good security hygiene into an exploitable vulnerability.”
Enterprise security operations
Keysight’s Threat Simulator solution provides enterprise security operations teams a method for testing security tools to determine their effectiveness in protecting the organisation. It provides a continuous, automated security assessment of end-to-end production network security infrastructures, enabling organisations to quickly spot gaps and environment drift of security configurations, which is typically the result of someone in IT or a related group making a change without any malicious intent, while a patented recommendation engine provides clear remediation steps.
Built on a software-as-a-service platform, Threat Simulator uses a series of lightweight agents to simulate attacks on a live network without exposing production servers or endpoints to malware or attacks. Threat Simulator features a library of threat simulations which is continuously updated by Keysight’s experienced Application and Threat Intelligence Research Center. An integrated dashboard makes it easy to conduct assessments, spot vulnerabilities and drill down on issues.
Instructions to mitigate vulnerabilities
Threat Simulator helps security operations teams find those gaps and gain actionable insight into how to close those gaps"
It features step-by-step instructions to mitigate vulnerabilities to help security operations teams solve the issue. “Today’s network and security teams just don’t know how effective their security solutions are on a continuous basis,” said Scott Register, Vice President, Security Solutions, Keysight Network Applications & Security Group (formerly Ixia Solutions Group).
"Security breaches aren’t always caused by a lack of capable products — often they are due to misconfigurations or a lack of security skills. Probing for coverage gaps has never been an easy task on a live network. Threat Simulator helps security operations teams find those gaps and gain actionable insight into how to close those gaps and improve their security posture.”
Stop infected internal devices
In addition to Threat Simulator, Keysight’s Breach Defense SecOps platform includes ThreatARMOR, a threat intelligence gateway. Complementing an existing security infrastructure, ThreatARMOR reduces attack surface by blocking up to 80% of malicious traffic at the source—decreasing the number of security information and event management (SIEM) alerts.
ThreatARMOR can: block traffic from known bad IP addresses at line-rate speeds; block malicious IP addresses manually or automatically from SIEM tools; identify and stop infected internal devices from communicating with known botnet C&C servers; block traffic by geography; and block unused IP space / unassigned IP addresses and hijacked domains from a network.