
Recreating The Threat Landscape To Validate Defenses

Applying The Wisdom of Many

Jane Benitz Wong, Vice President Security Products, Splunk

I love my work. Product management is a combination of science and art as products must appeal to both the heart and mind of our customers. Even in a high-tech industry like cybersecurity, the most successful products are those of rich functionality and capabilities, which are also intuitively usable and look cool.

I am often asked to sit on the board of directors or advisory board of rising technology stars. I take pride in knowing that I am helping young companies take their business to the next level and seeing how their product development strategies evolve. One such company is Israel-based Cymulate.

Cybersecurity vendors fall into two very broad categories. The first is threat detection or prevention, which includes endpoint, cloud, and network security controls. The second helps customers manage security processes and provides visibility into events. This includes systems that help bridge the gap between security operations and risk management, enabling operational efficiencies and scale.

Cymulate has a leg in both camps, but if I had to choose one, it would be in the second. Cymulate enables companies to continuously challenge, assess and improve their security processes and technologies. It’s like having an unlimited pool of penetration-testers at your beck and call, but with immediate results.

I first met the CEO, Eyal Wachsman, and saw the product years ago at RSA. It has been interesting to see their product strategy evolve, but before going into that, it is best to understand how their platform works and what it does. In a nutshell, the platform is SaaS-based and launches production-safe attacks on the customer’s environment to find gaps in security controls. To provide a true picture, it must implement a comprehensive set of attacks at each stage of the kill chain and report back findings. With the guidance that Cymulate provides, teams can close the security gaps that are discovered. The idea is that if the security controls that protect against attack vectors are optimally configured, the organization becomes more secure.

As a startup in the first year of inception, Cymulate had to prove value fast. They took the approach of developing the platform by attack vector: one module simulated email attacks, another web attacks, a third lateral movement. You get the picture. These were developed independently and involved both the research teams that created the attack simulations and the development team that created the packaging, usability, and delivery mechanisms. The advantage of this methodology was that it created licensable modules that immediately benefited their first customers.

Next, they decided to expose the open attack framework that could simulate attacks at any stage of the kill chain. This “Purple Team” module was suited for sophisticated customers and provided in-house red teams and pen-testers significant value. It also enabled the Cymulate research team to validate their ideas. They developed attacks for cloud, IoT, and other domains and by making them available as vendor-provided attack templates, in the Purple Team module, they could PoC them. More importantly, the product team could gauge their usage before deciding to develop a dedicated module for that specific domain.

This leads me to another aspect of Cymulate. Their product development is extremely research-driven. The research team develops features to help customers address the challenges of threat evolution. The research team is made up of both ethical hackers / red teamers and security analysts / blue teamers. Their skills and expertise in developing attack scenarios and providing remediation guidance are the essence of the product. This guarantees Cymulate customers are improving their security at the same rate that the threat landscape develops.

Instead of being deployed like a black box that runs tests and produces reports, Cymulate engages its users. They show them how an attacker thinks and what techniques they use, both in technical detail and by referring to a known taxonomy like MITRE ATT&CK®. They also enable creativity by opening the platform for their customers to craft their own attacks. In addition to making their users feel empowered and helping them learn from the process, they have already recognized the value of user-created attacks in future product development. The natural evolution is to open a space where customers and ethical hackers can share their experiences, testing scenarios, and remediation advice that can not only recreate existing threats but also help to confront novel and unique threats.

To find out if your organization is protected against the latest malware attacks, run Cymulate’s Immediate Threats assessment. This allows you to test and verify by yourself if your organization is exposed to these attacks. It also offers suggestions for mitigations in case it turns out that your organization is indeed vulnerable.

Stay cyber-safe!
