Keysight Threat Simulator

Improve SecOps performance and continually improve the effectiveness of your defenses.


Introduction

Cybersecurity risks are of critical concern to businesses, and new threats emerge every day. As a security leader, your responsibility is to ensure your enterprise has the right defenses in place to block attacks and swiftly identify and mitigate potential risks. This is what warrants the large investments you make in cybersecurity tools. Yet how do you ensure that the tools you have invested in continue to provide the necessary protection, knowing that others who’ve been breached had the same tools? How can you become more proactive about your cybersecurity posture by identifying risks in advance?

In this guide, we will show you how Keysight Threat Simulator helps ensure that your security investments are working hard for you by continuously evaluating the effectiveness of your security controls.

Table of Contents

1. Risks & Costs
2. Threat Simulator
3. Reduce Risk
4. Get Proactive
5. Find & Fix
6. Key Industries
7. Next Steps


The risk and potential costs of cybercrime are rising, so how can enterprises ensure that existing security tools are effective against threats, and are able to detect and stop attacks quickly?


Enterprises simply cannot afford to let attacks get through.

Breach and attack simulation can help you continuously assess and understand where you are most vulnerable in your own security environment. Keysight Threat Simulator is an award-winning breach and attack simulation solution. With enhanced automation, it can help you test more security defenses, more frequently with fewer resources and with better outcomes. With Keysight Threat Simulator you can automate tasks that would otherwise take a scarce and expensive skillset to perform and free up resources to focus on high-value, non-repeatable tasks. By helping detect and remediate configuration drift, we can also save you money by optimizing security controls before embarking on time-consuming installations and configurations. We deliver product-specific remediation guidance, and you can be confident in policies working as expected even after changes.

Enterprise security teams are fully aware of the risks and have invested heavily in tools to reduce the risk of security incidents — an average of 75 tools in each enterprise to try to prevent breaches. (i) The trouble is, you don’t always know if everything is working properly. The proliferation of tools makes management of your defenses more complex; you may not be able to accurately identify where the risks are or whether your defenses are correctly configured. Your teams must trawl through alerts to try to find out which vulnerabilities to prioritize. And their responses may be slowed down in the event of an attack.

It is estimated that cybercrime will be worth over $10 trillion a year by 2025. (ii) The total cost of breaches for enterprises is going up by 10% every year. (iii)

(i) “The average organization has 75 security tools”
(ii) “Cybercrime To Cost the World $10.5 Trillion Annually By 2025”, Steve Morgan, Editor-in-Chief, Cybercrime Magazine, November 2020
(iii) IBM Cost of a Data Breach Report, 2021


Keysight Threat Simulator shows you what you are missing

A key piece missing from the security armory of most enterprises is continuous validation of the effectiveness of defensive measures. As security assessment specialists, we developed Threat Simulator so you can do precisely this. Threat Simulator gives you a hacker’s view of your network, letting you see where your weak spots are, what might slip through the cracks, and how you can prioritize resolution of these issues. The product was designed to help SecOps teams see where security tools are not being effective and then take proactive steps in mitigating against vulnerabilities. As an example, we were able to show one of our enterprise clients, a US fintech firm, that as many as 32% of high-severity web application attacks were getting through their defenses, even though they had next-generation firewalls (NGFW) and distributed denial of service (DDoS) protection in place. The extra visibility that Threat Simulator provides allows enterprises to accelerate cloud migration, remote working, and other technological adoption.


Keysight Threat Simulator can help reduce the risk for enterprises such as yours, ensuring that you are protected from the latest threats and helping you to adopt a more proactive security posture. We give you visibility into potential future attacks so your SecOps teams can create a response plan to mitigate threats in advance of an attack happening.

Help reduce the risk of external threats (Keysight Q&A)

Hear from Keysight’s Vivek Delhikar about how we do this and who we have helped.


Be certain that you are protected against the latest threats

Andy Grove, the former CEO of Intel, wrote in Only the Paranoid Survive about how to identify key moments of change that generate either drastic failure or incredible success. The same applies to the security challenges you face as the scale, intensity, and sophistication of attacks continue to grow. For example, there was a 151% increase in ransomware attacks in the first half of 2021, (i) and in 2021 the largest documented ransomware payment of $11m was made. (ii) The consequences of reactive cybersecurity should not be underestimated. These attacks can have a devastating impact on financial margins, supply chain relationships, physical and digital assets, and, worst of all, people’s health and wellbeing in the real world.

(i) Sonicwall 2021
(ii) JBS SA, June 2021


Keysight Threat Simulator helps you replace guesswork with certainty

We analyze the security controls you have in place to protect your whole environment, including firewalls, endpoints, IoT devices, software, and so on, to determine how effectively they are working. Threat Simulator emulates a variety of attacks on your environment and tells you if you would be able to detect and stop them. It can do this daily and automatically, with no manual intervention required — freeing up your SecOps team to focus on strategic high-touch projects. We measure both prevention and detection rates for your security controls and correlate the findings with your security information and event management (SIEM) data to ensure all defenses are correctly configured. Keysight Threat Simulator makes it easy to pinpoint indicators of compromise (IoCs) and customize SIEM alerts, so you can spend less time dealing with alert fatigue and more time responding to threats.


Move beyond audit compliance to continuous optimization

Many enterprises already deploy vulnerability assessments and penetration testing. These serve valuable purposes including meeting audit requirements. But they are not continuous or automated, and they don’t perform well for testing endpoint or email security, which is how many breaches start. Keysight Threat Simulator can help you predict whether a threat that does breach your systems could then spread through your network undetected, and it can determine whether your firewalls or data loss prevention system can spot sensitive information leaving your network. With Threat Simulator, you can measure the effectiveness of your security controls and demonstrate that you can prevent an attack. You can use it to track prevention and detection scores for your existing security tools over a period of time and across different environments. Threat Simulator also provides high-level recommendations to eradicate threats so that if they do strike, you will have a tested response plan in place.

How does Threat Simulator help enterprises to reduce risk?

Keysight worked with a global food and beverage manufacturer that asked us to measure their internal firewall performance. Although our customer had a competent SecOps team and was using a well-known firewall vendor, they previously had been unable to accurately assess the effectiveness of their security controls or calibrate their firewall configurations against real-world traffic.


“On the first day of the Keysight assessment, we found that 80% of attacks were getting through. Using Threat Simulator’s findings to inform their action plan, the SecOps team were able to swiftly remediate the problem, closing a gap in their defenses while getting the most out of their investment in firewalls.”
Global food and beverage manufacturer


Get proactive about your security

Even organizations with mature cybersecurity models cannot always simulate breach and attack scenarios. They need to improve the sophistication of their incident response, i.e. go beyond identifying an attack that is happening or has happened, to be able to predict its impact in advance. The difficulty that enterprises face with a rising number of attacks is that security teams can sometimes be overwhelmed as they identify and mitigate attacks that are already occurring. To develop a more proactive security posture, they need specialized technology to pinpoint where potential risks and vulnerabilities lie and test a response plan in advance.


AI and automation can simulate potential attacks before they happen

Use Keysight Threat Simulator to simulate how attacks would affect your particular environment before they happen. With this insight, your blue team can proactively create and simulate an incident response plan. We help you move up the cybersecurity maturity ladder to proactive security. Rather than having you invest in more security tools, we help you get the most out of the investments you’ve already made, improving your existing threat intelligence, security controls, and response plans by continuously assessing their effectiveness against the latest threats to your environment. Threat Simulator is a key component in adversary emulation planning. It gives you the insight to determine which threats to emulate, which regions pose the greatest risk, and which exploits most affect your industry (the healthcare sector, for example, is experiencing a surge in Urgent/11 and Ripple20 attacks against IoMT devices). The tool helps SecOps teams make data-driven decisions as they build threat-informed defenses and create a convincing business case to advance the security function within the organization. This enhances credibility internally when applying for budgets and externally when partnering with other organizations that require assurances around cybersecurity.

Cost of breach is 80% less where security Artificial Intelligence (AI) and automation was fully deployed vs. not deployed. (i)

(i) IBM Cost of a Data Breach Report, 2021


Keysight delivers the most realistic threat simulation available

Keysight has had an Application and Threat Intelligence Team in place to support our extensive security solutions since 2005. The team’s long-term focus and industry-leading expertise have enabled Keysight to create such effective autonomous inspection of your security devices to uncover vulnerabilities. Keysight has developed its own method for detonating malware within our R&D labs. Threat Simulator replicates exactly how real-world malware would behave in your particular environment, and then builds an assessment for it, all in a safe environment. By contrast, other companies simply download the malware, look at third-party analysis, and develop approximate simulations using their best efforts. We go to extra lengths because the realistic quality of our kill chains and emulations allows us to provide you with more accurate insight into the effectiveness of security in your particular environment — and makes you aware of how you can improve it.


Video Q&A about internal threats (Keysight Q&A)

To get the maximum value out of your SecOps budget, it is important to be sure that the security tools you have deployed are always configured correctly and that your cybersecurity teams have the right skills and the time to focus on high-touch strategic security priorities.

Hear from Keysight’s Vivek Delhikar about how Keysight Technologies can help you optimize your budget and resources.


Find and fix configuration drift in your constantly changing environment

You’ve invested in multiple security tools and they were deployed correctly at the outset, but a steady stream of patches, releases, and updates means that your environment has changed, so the way your tools were configured before may not be providing effective protection today. The threat landscape is also always evolving, so you need to ensure that your tools continue to be effective. Further configuration complexity can arise because of company mergers and acquisitions or technology migrations. In either case, SecOps may suddenly find themselves dealing with unfamiliar security tools and the need to defend new network configurations before they have had a chance to normalize security controls. Enterprises often don’t need to invest in additional security tools, but they do need to be confident that existing tools such as web application firewalls (WAF) are continuing to work effectively, as well as alerting the SecOps team if they are no longer providing protection.


Daily automated assessment ensures configuration issues are quickly highlighted

Daily automated assessments will quickly show if there is a configuration issue in your specific environment. You get continuous validation of whether your controls are still configured correctly to defend you effectively. In addition, our Application and Threat Intelligence (ATI) Research Center sends out regular updates, alerting you to imminent risks to your network.

Threat Simulator deploys agents in a matter of seconds to run assessments that validate remote access policies in representative segments, for example at a branch site, for remote users, or over a VPN. This reduces your biggest vulnerabilities: the risk of misconfiguration and the software running on remote worker endpoints.

The insight that Threat Simulator provides enables you to spot not only gaps in coverage, but also duplications in coverage, empowering you to consolidate the security tools you use, which, in turn, simplifies management and reduces costs.


We provide the assurance that your particular environment is protected. For example, if your organization uses a lot of Macs, we can show you if your controls are effective against Mac-specific exploits. We can tell you how many threats apply to your environment and whether you need to block them.


Use Keysight Threat Simulator to identify and mitigate configuration drift

Watch this demonstration on how Threat Simulator can identify and mitigate potential WAF configuration drift in a Microsoft Azure environment. The demonstration walks through a practical example and shows how the tool could simulate an attack to find out whether the WAF protection tools are configured correctly. It then shows how to remediate the risk and tests again to give confidence that potential threats are being blocked.

Penetration testing is good, but it’s not exhaustive and examines a single point in time. Red teaming is effective but can be very expensive. With the latest automation, Threat Simulator can help you test more security defenses more frequently with the same amount of resource and with better outcomes. To make the simulation realistic, we use real malware in your actual environment, but it is not detonated. In terms of security maturity, this is a more advanced method that provides more accurate insight into the real-world behavior of malware in your environment. Keysight Threat Simulator is non-intrusive, and can be run either standalone or as a tool red teams can use to automate manual processes.


Automated red-teaming tasks enable continuous growth of capabilities

Red teaming is expensive and requires a rare, highly sought-after skill set. On top of this, even in ordinary SecOps settings, in-house teams spend a lot of time tied up trawling through logs in their SIEM because they cannot automate routine tasks.

Our software doesn’t just take care of repetitive low-value tasks, it lets you improve your security operations center (SOC) effectiveness by helping you test and optimize SIEM alerting so you can turn down the noise and alert fatigue. It also executes some of the high-value repetitive tasks that red teams would do, bringing these advanced capabilities within your budget. Natural staff turnover also aggravates pressure on resources — people come in, set up security operations, then move on, and you lose their knowledge. There are so many different security tools that it takes a lot of time and investment to understand how to deploy them, use them, and keep them up to date.

Threat Simulator addresses all of these issues through intelligent automation of tasks. The work of red teams is streamlined and made more effective when more of their routine work is handled automatically, freeing them up to focus on higher-value tasks. The same applies broadly across SecOps; your security personnel all become more effective when Threat Simulator minimizes repetitive work and alerts them to the worst potential risks. Moreover, the work of your team is captured within Threat Simulator in saved scenarios and historical records of past simulation runs so that you retain insights despite staff turnover.


Keysight Threat Simulator delivers both foresight and insight

We provide intuitive software that can be operated by almost any IT or security team member, enhancing the capabilities of your security team so they can offload some of their work onto our automated tool and focus on high-priority, high-touch security issues. Usually, a SecOps team spends most of their time in the SIEM, sifting through logs, meaning they see attacks only in the rear-view mirror. But Threat Simulator can train the SIEM to do this work automatically, faster, and more accurately. In turn, you can use Threat Simulator to train your SecOps personnel to deal with attacks before they happen. This allows your organization to redirect resources to more important tasks and get more value out of your security budget. Because it delivers both foresight and insight, Threat Simulator creates disproportionate benefit for your security operations — making your network a lot more secure for a relatively small investment.

We support your priority risk mitigation, issuing urgent updates in response to new threats. This enables you to respond immediately to new high-risk threats, something that would otherwise take many skilled red-team resources to do.


In-house threat intelligence research function provides realistic assessments

As mentioned previously, Keysight has its own in-house threat intelligence research function with 17 years’ experience, which makes our results far more reliable. We also carry out highly specialized malware analysis ourselves in-house, detonating real malware in our sandbox environment, analyzing how it behaves, and developing new assessments and mitigation recommendations.


Keysight Threat Simulator is ideally suited to key industries

Threat simulation is a vital part of any enterprise’s cybersecurity toolkit. Some industries have specific requirements that Threat Simulator can assist with; they may be highly regulated, have an increased need to protect sensitive personal data, or have more dispersed IT/OT infrastructure. Threat Simulator is particularly relevant for SecOps teams in these industries:

CRITICAL INFRASTRUCTURE

FINANCE

PUBLIC SECTOR

HEALTHCARE

MANUFACTURING

TECHNOLOGY

RETAIL

The following examples highlight some specific use cases for three of these industries, outlining the particular roadblocks that can be faced by senior cybersecurity leaders — and how Keysight can help enterprises overcome these challenges.


The Importance of Breach and Attack Simulation

Financial Services are highly regulated, and with potentially lucrative targets for hackers that succeed in overcoming defenses, the costs of a security breach for Financial Services firms are high. The average cost of a data breach in the financial sector was $5.2m in 2021. (i) Breach statistics show that Financial Services and Healthcare are the most targeted verticals; they are also the likeliest to be hit with ransomware infections. (ii) The following examples demonstrate how Threat Simulator helps to improve the performance of security tools already deployed to protect Financial Services firms. One US fintech asked Keysight to check its defenses; we determined that they were missing 32% of high-severity web application attacks and 50% of all security attacks — even though they had DDoS protection and NGFWs in place. Another Financial Services technology provider, which was conducting WAF migration for one of its clients, used Keysight Threat Simulator to show that the client did not have visibility into all encrypted attacks. As a result, they reconfigured their client’s WAF so that it could block 100% of attacks.

(i) IBM Cost of a Data Breach Report, 2021
(ii) Forescout State of Internet Security, 2021


The need for threat simulation for Critical Infrastructure/OT

Operational Technology (OT) environments are evolving fast, and as the attack surface extends out to the edge, it is important to have continuous visibility across all endpoints. IoT creates further opportunities for enterprises to automate more repetitive manual tasks and optimize performance, but these devices can create additional risk and become an attractive target for hackers. With many new devices coming on board, the risk of configuration drift also increases as your IT environment changes. IT and SecOps teams need to know that their security tools are working effectively all the way out to the perimeter of their infrastructure.


Attack simulation extends to OT environments

Keysight continues to invest in partnerships and collaborations to be able to offer the right level of threat simulation, including OT segments within critical infrastructures. Keysight Threat Simulator can support SecOps teams to ensure that all tools are configured and working effectively, and include simulations of potential attacks on OT devices. In one recent engagement with a customer’s SOC, Keysight was able to provide critical insights from the first day of assessment. Threat Simulator determined that certain threats evaded both firewalls and passive monitoring tools, while other threats were successfully detected by passive monitoring but not properly passed to the SIEM. Based on Threat Simulator’s findings, Keysight was able to help this customer remediate these issues and supply full visibility to the SOC for current and future threats. “To ensure a strong defense, organizations need to embrace an offensive approach that employs up-to-date threat intelligence to continuously verify that their enterprise-wide security controls are working as expected and are optimized for maximum protection,” said Scott Register, Vice President of Security Solutions at Keysight. “With our latest collaboration with SCADAfence, our customers can run attack simulations originating from IT networks to OT segments within critical infrastructures, validate security controls, and ensure they are detecting and preventing attackers from breaching these environments without the need for additional hardware deployment.” (i)

(i) https://www.prnewswire.com/news-releases/scadafence-expands-partnership-with-keysight-to-deliver-breach-and-attack-simulation-to-it-ot-environments-301526957.html


How we have helped organizations in the public sector

Public sector teams tend to have a dependency on legacy infrastructures. Despite being risk-averse in terms of adopting new technologies due to budget constraints, plenty of these teams have found it necessary to accelerate digital transformation during the pandemic. IT teams have not always had the time or resources to keep up with cybersecurity requirements, but with the roll-out of online services it is essential to fully understand cybersecurity risks and implement tools to ensure that services are protected. As an example, a UK local council suffered a cyberattack in 2020 that was estimated to have cost more than £10m. The attack meant that its critical online services such as online appointment bookings, planning documents, social care advice, and council housing complaints systems were knocked offline for a period of time. (i)

(i) Redcar council cyber-attack - https://www.bbc.co.uk/news/uk-england-tees-53662187


Public sector SecOps use Keysight Threat Simulator to develop staff cybersecurity skills

One of Keysight’s public sector customers used Threat Simulator as a training and development tool to enhance the capabilities of an IT team member who wanted to move into security. Threat Simulator helped to train this person to become a security specialist — helping their career path, retaining their expertise, and avoiding having to hire additional expensive external security resources from the marketplace. Daily use of the tool detecting and identifying attacks helped the entire in-house team, increasing the cyber-security maturity of the organization.

Helping public sector organizations identify security gaps and assess the effectiveness of future investments

A local government body in the US with around 500 users wanted to identify which threats they were exposed to. Keysight Threat Simulator revealed that 70% of attacks were getting through perimeter defenses because the organization didn’t have Secure Sockets Layer (SSL) inspection in place. They then went on to use Threat Simulator to evaluate potential solution vendors and, based on our insight, were able to make informed investment decisions that balanced risk and cost.


Keysight has been widely recognized for excellence by the cybersecurity industry:

Winner | Most Innovative, Breach and Attack Simulation, Global Infosec Awards 2022

Security Solution of the Year | Glotel Awards 2020

New Product-Service of the Year | Security Software 2020 | Bronze Winner

InterOp Best of Show 2020 | Runner-Up

Hot Company in Breach and Attack Simulation | InfoSec Awards 2021

Finalist | Best Security Innovation in a SaaS Product - Cloud Awards 2021


Keysight’s realistic evaluations make your security stronger

Keysight’s roots run deep in the security market, and we have been providing security solutions for more than 20 years. Trusted throughout the security industry, Keysight is the de facto provider of security assessment tools for all the major security and network equipment manufacturers. For example, in 2017, Ixia (now part of Keysight) was chosen by Fortinet to test and validate the world’s first terabit firewall, FortiGate.

Some of our other technology partners include:

Threat Simulator covers all areas of IT: network, infrastructure, applications, user endpoints, and especially new areas such as IoT devices that are highly vulnerable. Threat Simulator is an evolution of our previous security-focused solutions and outstanding BAS offering.

Our wider portfolio includes assessments for 5G, cloud, connected cars, data center infrastructure, IoT, network testing and visibility, SDN/NFV, and software test automation.


Next steps

To see the Threat Simulator tool in action, please reach out to your Keysight Technologies representative, or book a demo via our website.


About Keysight Technologies

For more information on Keysight Technologies’ products, applications, or services, please visit: www.keysight.com

This information is subject to change without notice. © Keysight Technologies, 2018 – 2022, Published in USA, November 24, 2022
