July 31, 2019 Sunnyvale, CA - SafeBreach Inc, vendor of the industry leading Breach and Attack Simulation platform announced the availability of SafeBreach GRID(™) - Global Risk Director. SafeBreach GRID is the industry's only breach and attack simulation application that uses correlative analytics to identify security gaps and link them to their potential business impact.
Existing solutions like vulnerability management, pen testing and basic breach and attack simulation, can find single point security gaps, but fail to take a system wide, multi-stage “Hacker’s view” of attacks that automatically attempts all available attack paths and then identifies all potential attacker kill chains. Moreover, no other systems today can rank security gaps discovered by their potential business impact if exploited.
SafeBreach GRID provides the data required for mitigation by correlating data from many complex, multi-stage simulations that run continuously to produce a posture impact score for each security gap found. Second, GRID ranks exploitable security gaps by potential business impact in a single recommendation matrix. This helps security teams prioritize which gaps to address, and provides precise recommendations on how to improve security product configurations to minimize the potential business impact of a breach. GRID also includes a set of risk indicators to help teams track and report on their progress.
“SafeBreach GRID correlates security gaps discovered during attack simulations with the value of potentially affected assets, automatically calculating the potential business impact of a misconfiguration. It helps my team prioritize which actions to take to maximize protection, and how to minimize the potential damage we might face if our systems were breached,” said Yaron Levi, CISO, Blue Cross and Blue Shield, Kansas City.
Prioritizing the response of a security team is one of the most critical needs today. According to Gartner, “Even when organizations are aware of gaps in the security posture, they don't know where to start, especially in the case of a recent acquisition, in which the new environment might be completely unknown.” Gartner goes on to state, “Although it may sound overly dramatic, there is a veritable epidemic of misconfigured, disconnected, turned off, and non-optimized security tools all over the organization. There is also a possibility that an attacker that compromises a system and breaches an organization will disconnect the controls or interfere with their operation. Many recent breaches involved information security controls that have failed to pick up evidence of the attacker's activity, as well as controls that were disabled by an attacker or an IT team.”*
“Breach and Attack Simulation products can easily find security configurations that are incomplete or wrong, but until now this has only produced a confusing kitchen sink of remediations that were not clearly correlated to risk or priority,” said Yotam Ben Ezra, VP Products at SafeBreach. “We built GRID because our customers asked us to help their security teams increase efficiency by identifying and addressing the most impactful issues first, based on rigorous analysis of their assets, the current threat landscape, and discovered misconfigurations or security gaps in their network, systems or endpoints. We give them the actionable guidance they need in order to update their configuration and secure their enterprise.”
The SafeBreach GRID works exclusively with the SafeBreach Platform and includes the following features:
*Gartner, Utilizing Breach and Attack Simulation Tools to Test and Improve Security, Augusto Barros, Anton Chuvakin, 18 May 2018
SafeBreach is a leader in breach and attack simulation. The company’s groundbreaking patented platform provides a “hacker's view” of an enterprise’s security posture to proactively predict attacks, validate security controls and improve security operations center (SOC) analyst response. SafeBreach automatically executes thousands of breach methods from its extensive and growing Hacker’s Playbook™ of research and real-world investigative data. Headquartered in Sunnyvale, California, the company is funded by Sequoia Capital, Deutsche Telekom Capital Partners, DNX Ventures, Hewlett Packard Pathfinder, PayPal and investor Shlomo Kramer. For more information, visit www.safebreach.com or follow us on Twitter @SafeBreach.