Who needs breach and attack simulation?
The biggest beneficiaries are operators of very large and/or complex infrastructures who want to run continuous, passive and non-intrusive tests and detect real security vulnerabilities in the infrastructure’s overall context immediately or as soon as they occur. Vulnerability scanners can’t do this because they aren’t familiar with the network context and aren’t designed to construct relevant attack paths. Instead, they usually provide a large number of more or less important individual results, which is of no direct help in the case of mega networks.
It also detects sporadic security problems that are very difficult to find during manual testing – for example, when services or applications occasionally(!) store relevant data (passwords, hashes) in temporary files.
Easy to roll out - also in the cloud
As with a virus scanner, a service program is rolled out, but it is very lightweight and doesn’t affect the systems’ operational security.
The service program delivers data to a central (optionally on-premises) server, which immediately starts modelling attack paths so that initial results are often available within minutes.
Coverage of vast networks
In corporate networks, penetration testing is typically performed all the time, but rarely from a higher-level perspective. It is usually carried out from a department’s or business owner’s perspective on individual systems or applications. For vast networks, however, testing is often performed less frequently than the regularity with which new vulnerabilities occur. What’s more, they cannot be tested at all or in a sufficiently complete manner in a reasonable time within an overall context.
BAS achieves this by capturing the individual properties and vulnerabilities of virtually all devices through simulation and identifying the most important practical attack paths.
Disconnecting from time
Many vulnerabilities occur only sporadically or after a certain time – e.g. when the backup software (or the SAP Customizing script) starts and temporarily stores the passwords of the target systems/data somewhere in a file. A penetration tester usually doesn’t have enough time – or, indeed, the capabilities – to find them all. Breach and attack simulation can because it runs for longer (or continuously) and also finds such individual properties.
The same applies to security-related changes: if the administrators change the permissions in certain places one day after a penetration test, this can have fatal consequences that might not be noticed until the next pentest in a year’s time. BAS identifies this issue straight away.
Send a request
Leave us your e-mail address and we will
gladly get in contact with you
Are you interested in our solution?
XM Cyber breach and attack simulation
Automated penetration testing for large-scale networks
Regardless of the security checks that companies perform, security breaches happen all the time. XM Cyber’s breach and attack simulation (BAS) software connects the dots from the point of intrusion to the critical asset when there is a potential attack path. A prioritised remediation plan is then drawn up to help you quickly eliminate the steps hackers would take in your environment.
Now you can truly see your cyber risk and take proactive action to eliminate it.
Unlike other BAS providers who verify that security checks are configured correctly, XM Cyber begins by identifying the most critical assets and pinpoints all the possibilities of attack.
Whether it’s working on-premises or in the cloud, XM Cyber continuously evaluates your environment for misconfigurations, vulnerabilities and human errors that could be exploited in combination to open up access to your most critical assets. Our patented approach gives you the information you need to reduce risk by uncovering the implications resulting from:
Misconﬁgurations (whether on-premises or in the cloud)
User behaviour and errors
With XM Cyber, you can figure out how an attacker could exploit a vulnerability, grab strong cached credentials, access your cloud account and use IAM privilege enhancements to reach your critical assets.
You can stop this before it happens with our unique security breach and attack simulation platform.
Vendors & Certifications
Pioneering products and solutions from the world’s leading vendors
XM Cyber is the global leader in Attack-Centric Exposure Prioritization that closes gaps in cloud and physical network security. Customers can rapidly identify and respond to cyber risks affecting their business-sensitive systems because the platform continuously calculates every potential attack path.