Simulating Threats with vThreat

Protection remains an important step in the security ecosystem, yet no matter how good the prevention, human error, breakdown in processes or technological weaknesses mean these can be bypassed.

While that doesn’t mean enterprises should bury their protective products in shallow graves, buying trends indicate that more investments are being made in detection and response capabilities.

This is all well and good, but history shows that even when investments are made in good detection and response products – alerts are often ignored or missed altogether. Even worse, it’s only in the aftermath of an incident that a company discovers misconfigurations or omissions in their deployment.

The challenge for many security executives lies in getting assurance that not only are technical security investments configured and working correctly, but the staffing and processes around threat detection and response are working adequately together. It is this assurance that vThreat is aiming to provide.

Technology

Delivered as a SaaS offering, vThreat provides on-demand and continuous threat simulation both externally and internally to a network. All threats simulated are non-malicious and intended to masquerade as network attacks to determine if the detection and response capabilities are working as designed.

These simulations include capabilities such as a bot beaconing to command and control servers, sending simulated sensitive data (credit card, social security numbers, medical records) out of restricted networks, lateral scans to mimic an attacker and the like.

In doing so it can test the response processes and capabilities of the security team as well as effectiveness of products such as DLP, IDS, IPS, firewalls, antivirus and so on.

Javnalysis

I like the approach vThreat is taking in providing assurance at the technical, procedural and skill levels. Dare I say, it’s the kind of product that has the potential to allow a security exec a good nights sleep by virtue of knowing their security investments are working as intended.

The SaaS delivery model is familiar to most and this allows executives to schedule and run tests and examine results without needing in-depth technical knowledge. One could assume companies could use vThreat to not only assess the effectiveness of their own teams, but also of MSSP’s or other service providers charged with monitoring security events.

Although not competitive, vThreat may find itself having to educate buyers on the differences between their offering and penetration testing and other assurance functions such as internal audit. A task that may be harder than it sounds in an industry where vulnerability scans are often sold as penetration tests.

Leave a Reply