Keysight Technologies has introduced Breach Defense, a security operations (SecOps) platform designed to improve operational security effectiveness. An integral element of the new platform is the Threat Simulator breach and attack simulation solution which enables network and security operations teams to measure the effectiveness of operational security by safely simulating the latest attacks and exploits on live networks.
Security operations teams are faced with an increasingly complex network environment that is continuously under attack by a flood of cyber threats generated inside and outside of their organizations. According to a recent Keysight Security Operations Effectiveness survey:
“An organization can be safe one day and vulnerable the next. Testing security capabilities at one point in time provides limited visibility to an organization’s ongoing security posture,” said Paula Musich, research director, security and risk management at market research firm Enterprise Management Associates. “At its heart, security is both a people and processes issue. By testing defenses on a regular basis using attack simulation, security operations teams can stay on top of changes that can turn good security hygiene into an exploitable vulnerability.”
Threat Simulator Delivers Confidence that Security Tools are Protecting as Intended
Keysight’s Threat Simulator solution provides enterprise security operations teams a method for testing security tools to determine their effectiveness in protecting the organization. It provides a continuous, automated security assessment of end-to-end production network security infrastructures, enabling organizations to quickly spot gaps and environment drift of security configurations, which is typically the result of someone in IT or a related group making a change without any malicious intent, while a patented recommendation engine provides clear remediation steps.
Built on a software-as-a-service platform, Threat Simulator uses a series of lightweight agents to simulate attacks on a live network without exposing production servers or endpoints to malware or attacks. Threat Simulator features a library of threat simulations which is continuously updated by Keysight’s experienced Application and Threat Intelligence Research Center. An integrated dashboard makes it easy to conduct assessments, spot vulnerabilities and drill down on issues. It features step-by-step instructions to mitigate vulnerabilities to help security operations teams solve the issue.
“Today’s network and security teams just don’t know how effective their security solutions are on a continuous basis,” said Scott Register, vice president, security solutions, Keysight Network Applications & Security Group (formerly Ixia Solutions Group). “Security breaches aren’t always caused by a lack of capable products — often they are due to misconfigurations or a lack of security skills. Probing for coverage gaps has never been an easy task on a live network. Threat Simulator helps security operations teams find those gaps and gain actionable insight into how to close those gaps and improve their security posture.”
Breach Defense Suite -- ThreatARMOR
In addition to Threat Simulator, Keysight’s Breach Defense SecOps platform includes ThreatARMOR, a threat intelligence gateway. Complementing an existing security infrastructure, ThreatARMOR reduces attack surface by blocking up to 80% of malicious traffic at the source—decreasing the number of security information and event management (SIEM) alerts. ThreatARMOR can: block traffic from known bad IP addresses at line-rate speeds; block malicious IP addresses manually or automatically from SIEM tools; identify and stop infected internal devices from communicating with known botnet C&C servers; block traffic by geography; and block unused IP space / unassigned IP addresses and hijacked domains from a network.