For many years, the security industry has relied on internal or external security red teams to play the role of the attacker, and unearth critical issues that need to be addressed. Operationalized in the correct manner, security red teams can be very effective in helping organizations challenge their people, process and technology, and improve the effectiveness of their security.
In our CTO Itzik Kotler's Peer to Peer session "Hacking Inward" at RSA 2016, he said this: "Most security leaders in the room were interested in building an internal security red team because of the benefits of an internal team that understands the business and can execute relevant breach scenarios.
An internal red team can play true war games that give more complete answers across people, process and technology. But red teams tend to be limited to larger organizations with a fairly sizable security team and robust security framework. Participants who had internal red teams wanted to increase the frequency of security validation performed."
However, the skillsets needed in red team members, who are cybersecurity engineers with specialized offensive security skills, are hard to find. The general shortage of cybersecurity talent in the industry means that staffing a red team can be very challenging for the average organization. Being able to run red team testing also requires a certain level of security maturity within the organization.
SafeBreach allows you to empower the security red teams that you may already have in your environment. With our platform as a means to optimize their efforts, they can automate hacker breach methods continuously, and trigger a rerun of validation efforts whenever the blue team completes its mitigation efforts.
Our platform allows security red teams to create or upload their own breach methods, giving them the ability to execute a variety of breach scenarios in a short period of time, without any impact to the environment. This not only makes the team more efficient, but also ensures that they are no longer limited by time and resources when validating a variety of different breach scenarios.
Our platform integrates with SIEMs, ticketing systems and threat intelligence vendors, providing an ecosystem of security technology integrations that also introduces efficiencies for the red team engineer. For example, instead of tracking breach scenarios manually, red teams can use our platform to create security trouble tickets with JIRA and ServiceNow. This allows red teams not only to track the progress of mitigation methods, but also to track mean time to repair, ensuring the security teams are consistently improving their exposure time.
Benefits of automating a Security Red Team: