SUNNYVALE, CALIFORNIA – May 20, 2020 – Today SafeBreach announces integration of its attack technique simulations into the Microsoft Defender Advanced Threat Protection (ATP) evaluation lab, offering friction-free access to SafeBreach’s market-leading Breach-and-Attack Simulation (BAS) Platform. This integration empowers security teams to instantly and accurately test the efficacy of endpoint security capabilities against leading threats such as malware infection, credential theft, data collection, ransomware, modification of registry keys, and malicious OS configurations.
The Microsoft Defender ATP team built the evaluation lab to make it push-button simple for organizations to build and run proofs of concept (PoCs) in virtual environments using real software and networking scenarios in a safe simulation environment. The built-in SafeBreach simulations markedly improve the capabilities of the lab; they enable PoCs to clearly demonstrate the effectiveness of various Microsoft Defender ATP configurations and empower security teams to closely observe and review prevention, detection, and remediation features in action. These simulations and the reports they generate cover the full span of a simulated attack along the entire kill chain.
“We share a mission with Microsoft to make organizations more secure by enabling them to adopt the most effective security tools,” says Itzik Kotler, CTO and co-founder of SafeBreach. “This integration gives security teams the best-in-class breach and attack simulation platform to use for their product validation to make sure they can try before they buy with the highest possible level of confidence.”
Security teams using the evaluation lab do not need to make any code or configuration changes to run the SafeBreach simulations. Testers can simply select one of the available scenarios in their evaluation lab control panel, immediately run the simulations, and then receive the results for further validation and analysis.
“Evaluating endpoint protection solutions under real-world scenarios is highly critical for our customers, yet can be technically challenging and time consuming,” says Moti Gindi, Corporate Vice President, Microsoft Threat Protection. “The SafeBreach integration within Microsoft Defender ATP evaluation lab enables customers to easily simulate a wide range of attacks and learn more on how to improve detection, investigation and response capabilities in their network, tackling some of the most critical threats they face in the wild.”
In the lab, testers can choose between different simulations, each of which covers a broad range of potential attack tactics and procedures.
The first five available attack simulations include:
- APT29 (CozyBear) – attacks for localhost infection and malicious behavior
- Credential threat – techniques such as dumping passwords and authentication tokens
- OS configuration changes – modifying the operating system configuration to enable malicious activity
- Code execution – techniques to verify whether it is possible to enable malicious activity
- Ransomware infection – known attacks including WannaCry, JAFF, Locky, NotPetya, and others
Please read the SafeBreach solution brief for more information.