Threat Simulator — Breach and Attack Simulation Platform

Problem: Security is Hard, Misconfigurations are Common, and Breaches are Rampant

With a multitude of emerging threats from inside and outside your network, the risk of a security breach has never been higher. All those risk factors are combined with a big human element that assumes everything has been setup and configured properly to get the best outcomes from each security tool. Organizations typically respond to this problem by throwing more money at the problem — acquiring additional security controls while increasing management complexity and complicating visibility for teams such as SecOps that are pressed to provide results and ROI.

But the real problem behind all those things is that it has been extremely difficult to effectively measure your security posture. And when you can’t measure security, it becomes harder to manage and improve it.

The result is that you can’t quantify the risks to your business, or the return on your security investment, or understand how to optimize it.

Solution: proactive, continuous security validation

To ensure a strong defense, organizations need to embrace an offensive approach that employ up-todate threat intelligence to continuously verify their enterprise-wide security controls are working as expected and are optimized for maximum protection.

With Keysight’s Threat Simulator, enterprises can measure their security posture, gain insights into the effectiveness of their security tools and obtain actionable remediation steps to improve it.

With this data, you can start optimizing the existing security solutions so that you can improve your security without adding another expensive security solution.

Keysight Threat Simulator builds on 20+ years of leadership in network security testing to reveal your security exposure across public, private, and hybrid networks. The ongoing research of our Application and Threat Intelligence team ensures regular updates so you have access to the latest breach scenarios and threat simulations.

Highlights

• Part of Keysight’s Security Operations Suite of enterprise security tools.

• Safe and cost-effective way to measure and validate the effectiveness of your production security tools.

• Enables you to perform automated breach and attack simulations on a regular basis.

• Eliminates the assumptions that security controls are deployed and configured correctly.

• Identify environmental drifts from historical visualized results.

• Active validation of all phases of the Attack Life Cycle.

• Reduces compliance audit time with data-driven evidence.

• Prove security attacks are properly identified and reported.

• Justify current and future IT spending.

• Content refreshed at regular intervals, including the provision of malware feeds daily.

Key features

• Flexible, cloud-based breach and attack simulation platform that scales as your network grows.

• Actionable remediation recommendations help you improve and optimize your security controls.

• Multi-tenancy access control and segmentation

• Light, container-based, infrastructure-agnostic software agents are available to enable operations onpremises, on private and public clouds, and on remote user laptops.

• Fast insights on your security posture.

• Fully managed Dark Cloud infrastructure, simulating external adversaries, malicious nodes, and C&C servers in the public domain.

• Modern, web-based interface that’s easy to use.

• Built-in integration with top network security controls and SIEM tools.

• A diversified library of MITRE ATT&CK techniques and threat vectors to validate network, endpoint, and email security controls.

• Out-of-the-box attack library enables you to simulate the full Cyber Kill Chain® for popular breaches, relevant software threats, and Advanced Persistent Threats (APTs).

• Scheduler enables continuous security assessments across your enterprise-wide network.

• SIEM-proxy agent facilitates communication with SIEM tools.

• Built in packet capture support.

• Visual ladder diagrams complement predefined security assessments.

• Agent tagging supporting user-provided metadata, making it easier to manage individual agents.

• Agent grouping creates abstraction layers, allowing simple and rapid validations of multiple network segments at once.

• Sigma rules support for supported modules to assist with detection engineering

• Structured Threat Information Expression (STIX™) threat intelligence blueprints and Indicators of compromise (IOC)