The First True Testing for Zero Trust Networks is Changing Everything
Following the introduction earlier this year of the first test solution for authentic validation of zero trust networks, I am extremely excited to take this opportunity to provide more information about this major milestone that is shaping the future of network application and security testing.
Typically, for a product, a 2.0 release marks the transition into the maturity stage (or, even a brand-new initiative) but with CyPerf 2.0 it is more than that. It is about delivering unique, unmatched capabilities that are raising the bar for network application and security testing.
Keysight CyPerf is the industry's first instantly scalable zero trust test solution for distributed cloud. CyPerf's light-weight traffic generation agents can be deployed across a variety of physical, cloud and containerized environments to deliver unprecedented insights into end user experience, security posture, and performance bottlenecks. By realistically modeling dynamic application traffic, user behavior, and threat vectors at scale, CyPerf validates hybrid networks, security devices, and services for more confident rollouts.
As you might have already guessed, the key highlight of CyPerf 2.0 is the new capability for testing zero trust enabled network architectures with native support for authentication and contextual traffic generation. In this release, client traffic agents are able to statefully interact with Palo Alto's Prisma Access Policy Enforcement Point and authenticate with Okta Identity Provider before generating test traffic. A comprehensive stateful workflow is implemented within the test agents to mimic real user behaviors. While trying to gain access to a specific protected application, they are first redirected to authenticate, and once the authentication is successful, they are again redirected to finally access and retrieve data from the protected application.
The diagram below illustrates this workflow:
To make testing more relevant and insightful, CyPerf test agents can be configured to use a very large set of credentials (using playlists of username and passwords), or to access custom application paths. This opens the path for unique test scenarios, relevant to the zero trust world like:
- Emulating end-to-end legitimate user workflow to test the functionality, performance, and scale of zero trust network architectures
- Use authenticated users trying to access resources that are not available to them
- Combine legitimate, unauthorized, and unauthenticated users to validate least-privilege access policies
A test tool is only as good as the accuracy and relevancy of the statistics it is providing. Because network security is critical, we could not lower the bar for providing relevant metrics in zero trust scenarios, so we implemented new dedicated stats dashboards like Client Zero Trust Statistics:
Access to granular KPIs and metrics provide users with insights into the status of the interaction with 3rd party elements like the Policy Enforcement Point transactions or the Identity Provider’s response codes.
While the zero trust functionalities are the highlight of CyPerf 2.0, I don’t want to overlook the other new features added in this release. CyPerf now supports HTTP Redirects which makes it easier to interact with devices under test (DUTs) that use this technique for various purposes.
CyPerf’s deployment and usability has also been significantly improved with support for Microsoft Azure marketplace and the ability to deploy CyPerf test agents as .deb packages on top of both Ubuntu 20.04 and Ubuntu 18.04.
On the content side, the attack capabilities are expanded with over 700 new high-profile security attacks. This includes malware samples like Maze, Bumblebee, TrickBot, QakBot, Cerber, XtremeRAT etc. or various exploits like Log4j, SVCReady, Atlassian Confluence OGNL, Spring Expression Resource Access Vulnerability and others.
You may often see my frequent blog posts on interesting new CyPerf features but this one is different, as it marks the beginning of an entirely new journey where we will continue to add and integrate more and more vendors to cover as many use cases and deployment setups as possible.
To experiment with CyPerf and get a closer look at the benefits it brings, we invite you to take CyPerf for a free test drive! To start your free test drive please visit: https://www.keysight.com/zz/en/cmp/promotions/cyperf-trial.html
For existing users, eager to use the new CyPerf features please download the latest build form here.
To learn more about CyPerf or to schedule an expert driven demo visit: http://www.keysight.com/us/en/products/network-test/cloud-test/cyperf.html