SafeBreach integrates with Microsoft Defender ATP to maximize security


October 18th, 2019

Itzik Kotler

Security teams face an increasingly dynamic range of threats as the landscape of possible attacks rapidly grows. At the same time, they must also deal with an ever-increasing number of security controls from managing a growing list of cybersecurity technologies across servers, networks, cloud infrastructure, and end-user devices. This means that, invariably, configurations are dated and security gaps emerge as security teams deal with the impossible task of tracking, updating and optimizing an evolving IT footprint.

Due to these dual fronts of rising complexity, security teams need to know their security posture at all times. The only way to spot the weakest link (or links) is to continuously simulate numerous potential attacks an adversary might undertake to breach your network. That means simulating attacks against your entire network and endpoints, round the clock.

SafeBreach Integration With Microsoft Defender ATP

This is exactly why SafeBreach has integrated its platform with Microsoft Defender Advanced Threat Protection to provide visibility into Microsoft Defender ATP detection and prevention capabilities and maximize them using SafeBreach actionable Insights.

This integration connects Microsoft Defender ATP’s event and alerting engine to SafeBreach’s breach and attack simulation platform. It then automatically correlates Microsoft Defender ATP prevention and detection events to attack simulations performed by SafeBreach. Finally, SafeBreach actionable Insights provide remediation data that can be easily plugged into Microsoft Defender ATP to bring the prevention capabilities to the next level.
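The correlation step described above (matching endpoint prevention and detection events to the simulations that triggered them) is the part of the integration a defender most wants to see concretely. The following is an added example written for this page, not SafeBreach's or Microsoft's code; it assumes a simplified record shape for simulations and endpoint events, that the endpoint product tags events with the MITRE ATT&CK technique id it observed, and that matching is done on host, technique and a time window with some slack for clock skew and alert delay. All sample data is constructed.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Simulation:
    """One attack simulation run by the BAS platform (hypothetical record shape)."""
    sim_id: str
    host: str
    technique: str        # MITRE ATT&CK technique id the simulation exercises
    started: datetime
    ended: datetime


@dataclass(frozen=True)
class EndpointEvent:
    """One prevention/detection event from the endpoint product (hypothetical shape)."""
    host: str
    timestamp: datetime
    action: str           # "blocked" (prevented) or "alerted" (detected only)
    technique: str        # technique id the product tagged the event with


def correlate(sims, events, slack=timedelta(seconds=30)):
    """Map each simulation id to a verdict: prevented, detected or missed.

    An event matches a simulation when it comes from the same host, carries the
    same technique id, and falls inside the simulation window widened by `slack`
    on both sides (absorbs clock skew and alert-pipeline delay).
    """
    verdicts = {}
    for sim in sims:
        window_start = sim.started - slack
        window_end = sim.ended + slack
        matched = [
            ev for ev in events
            if ev.host == sim.host
            and ev.technique == sim.technique
            and window_start <= ev.timestamp <= window_end
        ]
        if any(ev.action == "blocked" for ev in matched):
            verdicts[sim.sim_id] = "prevented"
        elif matched:
            verdicts[sim.sim_id] = "detected"
        else:
            verdicts[sim.sim_id] = "missed"   # gap: no prevention and no alert
    return verdicts


def coverage_summary(verdicts):
    """Count verdicts and compute the share of simulations that got any response."""
    counts = Counter(verdicts.values())
    total = len(verdicts)
    covered = counts["prevented"] + counts["detected"]
    return {
        "total": total,
        "prevented": counts["prevented"],
        "detected": counts["detected"],
        "missed": counts["missed"],
        "coverage_pct": round(100.0 * covered / total, 1) if total else 0.0,
    }


# Constructed sample data (not real telemetry): four simulations, three events.
T0 = datetime(2019, 10, 18, 10, 0, 0)
SIMULATIONS = [
    Simulation("S-1", "ws-01", "T1059.001", T0, T0 + timedelta(seconds=10)),
    Simulation("S-2", "ws-02", "T1003", T0 + timedelta(minutes=5), T0 + timedelta(minutes=5, seconds=20)),
    Simulation("S-3", "ws-03", "T1547.001", T0 + timedelta(minutes=10), T0 + timedelta(minutes=10, seconds=5)),
    Simulation("S-4", "ws-01", "T1003", T0 + timedelta(minutes=15), T0 + timedelta(minutes=15, seconds=10)),
]
EVENTS = [
    EndpointEvent("ws-01", T0 + timedelta(seconds=4), "blocked", "T1059.001"),          # inside S-1 window
    EndpointEvent("ws-02", T0 + timedelta(minutes=5, seconds=12), "alerted", "T1003"),  # inside S-2 window
    EndpointEvent("ws-01", T0 + timedelta(minutes=30), "alerted", "T1003"),             # far outside S-4: unmatched
]


def run_example():
    """Correlate the constructed data and summarise it; returns (verdicts, summary)."""
    verdicts = correlate(SIMULATIONS, EVENTS)
    return verdicts, coverage_summary(verdicts)


if __name__ == "__main__":
    verdicts, summary = run_example()
    for sim_id, verdict in verdicts.items():
        print(f"{sim_id}: {verdict}")
    print(summary)
```

The "missed" verdicts are the security gaps the post talks about: S-3 produced no event at all, and S-4's only candidate event falls well outside the simulation window, so it is not credited to the simulation. Splitting "prevented" from "detected" matters for tuning, because a technique that is alerted on but not blocked still succeeds on the endpoint.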

The integration allows security teams using Microsoft Defender ATP to leverage SafeBreach’s capability to continuously simulate attacks and expose weaknesses in an organization’s infrastructure. Equally important, security teams can use SafeBreach to understand what types of attacks Microsoft Defender ATP is blocking and to tune their settings and configurations to maximize protection of servers and endpoints. In many instances, security teams suffer from “drift” after deploying Microsoft Defender ATP. That is, the original configuration and setup may not be properly updated to reflect changes to networks and endpoints, or to the security and network infrastructure of an organization.

This is where SafeBreach comes into play - to help teams use Microsoft Defender ATP more effectively and offer them better transparency into exactly how Microsoft Defender ATP is doing its job.

How SafeBreach Works

SafeBreach is part of an entirely new category of products called Breach and Attack Simulation (BAS) tools, as defined by Gartner. The SafeBreach platform constantly probes and simulates attacks against your network and endpoints, leveraging the largest hack attack playbook in existence, with over 7,000 attack types as of July 2019. The SafeBreach GRID risk analysis engine and dashboard give Blue Teams real-time analysis of which security gaps and configuration engines to prioritize based on an analysis of business risk. By providing this information, SafeBreach works in an integrated manner with Microsoft Defender ATP to accelerate mitigation, improve prioritization and strengthen the security stance of companies that use the two products together.

In this manner, SafeBreach extends well beyond pen testing to become a platform that can make your security posture stronger, in conjunction with Microsoft Defender ATP, and make your security team more effective. Delivered as a service, on-premise, or in hybrid configurations, SafeBreach’s BAS platform uses its patented, 100% safe framework to launch real attacks against real production environments to highlight where security systems and settings are protecting you effectively, and where security needs to be improved. This can mean identifying configuration problems in network or device software, or poorly tuned security policies on security tools and software. SafeBreach can probe against thousands of popular security controls. So if you are running a mixed environment with Microsoft Defender ATP and other security systems for DLP, anti-virus, intelligent firewalling, or anomaly detection, SafeBreach can assess risks and weaknesses in those systems and their setups, as well.

With SafeBreach, security teams can:

  • Instantly understand the most serious security gaps, ranked by their business risk, and how to remediate them
  • Visualize all test results along the entire kill chain to build a stronger remediation plan and process
  • Filter results based on a variety of facets (attack type and phase, severity, MITRE tactics and techniques, security control)
  • Validate or invalidate defenses and control mechanisms across the entire network - SOC, SIEM, and individual devices
  • Trigger automated flows for mitigation in SOAR and ticketing systems

Organizations and security teams that deploy and integrate both Microsoft Defender ATP and SafeBreach will enjoy the following benefits specific to the Microsoft Defender ATP integration:

  • Measure effectiveness of the current Microsoft Defender ATP policies and configuration by continuously running SafeBreach simulations
  • Improve the posture by identifying and fixing the gaps leveraging the SafeBreach actionable insights
  • Ensure your environment is protected against the latest threats by running constantly updated attacks from the SafeBreach Hacker Playbook
  • Report and maintain minimal business risk level using SafeBreach KRIs

Security teams can quickly deploy SafeBreach cloud, network, and endpoint simulators into their production environments, delivering a broad coverage at all levels of exposure. With SafeBreach, you can control the simulations to run, focusing on attack types, critical locations or sensitive data assets relevant to your organization.

SafeBreach Hacker Playbook - The Ultimate In-Line Library of Known Attacks

For building simulated attacks, SafeBreach compiles and publishes its “Hacker Playbook.” With more than 7,000 methods, the Hacker Playbook is the most comprehensive and up-to-date set of known breach methods of any breach and attack simulation platform. The Hacker Playbook also includes attack methods sourced through original research by SafeBreach Labs. SafeBreach updates the playbook as soon as new breach methods are published across a variety of industry-standard databases and knowledge bases, including MITRE ATT&CK techniques, known threat groups and campaigns, and US-CERT Alerts. For US-CERT alerts SafeBreach updates within 24 hours, which means customers running SafeBreach and Microsoft Defender ATP 24x7 will always be covered. SafeBreach does this with zero drag or performance latency. An additional benefit of executing real attacks against real environments is that the SafeBreach platform exposes actual breaches and has zero false positives.

SafeBreach + Microsoft Defender ATP = Better Security

The collaboration between SafeBreach and Microsoft makes it much easier for Microsoft Defender ATP users to safely simulate a wide range of real cyber-attacks to validate that their security controls are working as expected. The integration with Microsoft’s Defender ATP unified endpoint protection platform enables both enterprise and cloud customers to more easily and accurately assess their security posture, configure their policies to meet their needs, and continuously validate their Microsoft Defender ATP setup and configuration to respond to threats faster and more efficiently. This, ultimately, improves the agility of security teams while helping their organizations reduce risk and, most importantly, sleep better at night.
