See our full list of Top Breach and Attack Simulation (BAS) Vendors

Bottom Line

Designed for global enterprises and managed security services providers, Cronus’ breach and attack simulation (BAS) platform unleashes one or more CyBots that will attempt to hack customers’ systems and look for ways to access their most critical business processes. Its standout features include global mapping capability for tracing attack paths and its ability to prioritize potential threats by identifying those that pose the biggest risk to critical business processes.

Company Profile

Founded:

2014

Headquarters:

Haifa, Israel

Funding:

$5.7 million

One of the many breach and attack simulation (BAS) vendors based in Israel, Cronus Cyber Technologies was founded by two IT security experts. Co-founder and CEO Doron Sivan has advised banks and governments on cybersecurity issues and has written several books used to train Israeli Defense Forces (IDF) cyber intelligence units. The other co-founder, Matan Azugi, is a veteran ethical hacker who serves as the company’s CTO.

The company has won multiple awards, and also has a partnership with a Russian cybersecurity firm.

Product Description

Cronus offers CyBot, a platform the company describes as “a next-generation vulnerability management tool as well as the world’s first automated pen testing solution.” Imitating human hackers, it conducts continuous real-time penetration and reporting on global systems. It comes in three versions: CyBot Proc, which includes the core BAS engine; CyBot Enterprise, which allows larger enterprises to deploy several CyBots at once; and CyBot Enterprise MSSP for managed security service providers. All three offer continuous silent vulnerability scanning on all IP-based devices on-premises or in the cloud.

Key Features

• Live map
• Real-time alerts
• Attack Path Scenarios
• Actionable insights with just one click
• Dashboard
• Business-process focus
• Remediation prioritization

Target Market

Global enterprises, MSSPs, technology companies, manufacturers

Customers

Dell EMC, Frutarom, Mellanox Technologies, Nilit, Galilee Medical Center, First International Bank of Israel, Ness

Awards and Certifications

CB Insights; 12 Tech Startups Transforming the Cyber Industry, Cybersecurity 500, CREST Certification for Penetration Testing, 2017 Cyber Security TeXchange Award, Cyber Defense Magazine Infosec Awards for Most Innovative Managed Security Service Provider, Momentum Partners Watch List, Certified CVE Compatible

Pricing

Not disclosed

The post Cronus Cyber Technologies: BAS Product Overview and Insight appeared first on eSecurity Planet.

See our full list of Top Breach and Attack Simulation (BAS) Vendors

Bottom Line

AttackIQ’s breach and attack simulation (BAS) platform offers SOCs and enterprise security teams the ability to test the effectiveness of their security measures. Its biggest strengths include its easy-to-understand dashboard and simple reports that assign a percentage grade to an environment.

Company Profile

Founded:

2013

Headquarters:

San Diego, California

Funding:

$14.3 million

Founded by a group of security veterans with experience in security consulting, penetration testing, threat research, attack modeling, product development and related services, AttackIQ counts Index Ventures, Qualcomm Ventures and Telstra Ventures among its investors. “For too long security has been a guessing game,” said Stephan Chenette, Founder & CTO. “It’s time for security testing to catch up to our needs as an industry and allow for constant, safe and cost-effective scenario creation that continuously holds security vendors and teams accountable.”

The company partners with resellers like Optiv, Spectrami, Tevora, Trace3 and Sentek Global, as well as with managed security service providers (MSSPs) like Telstra, MENA and NaviLogic. It also has technology partnerships with Carbon Black, CrowdStrike, Cyphort, Endgame, Mitre, Phantom, Splunk and ThreatSTOP.

Product Description

AttackIQ’s BAS platform, called FireDrill, helps enterprises mount an “offensive defense.” It’s an agent-based solution that can be deployed on-premises or in the cloud. Setup is quick and easy, and it comes with built-in attack scenarios that the user can customize as needed. The dashboard provides easy-to-read visualizations of the environment’s current attack readiness, and the reporting assigns a percentage score for resiliency. The company offers a free community edition and a free trial.

Key Features

• Intuitive interface
• Dashboard
• Support for Windows, Linux and macOS
• Cloud or on-premise deployment
• Built-in scenario inventory
• Customizable, automated reporting
• GitLab Portal
• Dedicated Slack channel

Target Market

SOCs, DevSecOps teams, enterprises

Customers

City of San Diego

Awards and Certifications

Gartner Cool Vendor, Top 10 Sparkling Startups in San Diego, CB Insights’ 12 Tech Startups Transforming Cyber Insurance, Risk Scoring, and Threat Remediation, NetworkWorld’s Hot Security Startups to Watch

Pricing

Not Disclosed

The post AttackIQ: BAS Product Overview and Insight appeared first on eSecurity Planet.

See our full list of Top Breach and Attack Simulation (BAS) Vendors

Bottom Line

Picus Security offers one of the more mature products in the breach and attack simulation (BAS) market, and it includes both network and endpoint detection capabilities. It takes a little longer to deploy than some of the other available solutions, but offers superior flexibility with no platform or technology dependencies.

Company Profile

Founded:

2013

Headquarters:

San Francisco, California

Funding:

$200,000

Picus Security claims to be the “pioneer of breach and attack simulation technologies,” and with five years of experience with BAS technology, it is one of the oldest companies in the market. The firm has close ties to Turkey, including an office in Ankara and several management team members of Turkish descent. It also has a corporate headquarters in San Francisco and an office in London. Investors include Scalex, ACT and Social Capital.

Product Description

The Picus Security BAS platform helps organizations challenge their security technologies to help identify security gaps in real time. It also provides mitigation guidance that helps them double their success in stopping cyberattacks. Picus integrates with popular SIEM products, such as ArcSight, McAfee NitroSecurity, IBM QRadar, LogRhythm and others, as well as with security products from organizations like Check Point, McAfee, ModSecurity, Palo Alto Networks, Fortinet, F5 Networks and Snort. The firm also offers a partner program for management security providers that want to add BAS capabilities to their arsenal.

Key Features

• Deploys in hours and begins returning results just minutes later
• No technology dependencies
• Works in complex production environments
• Identifies weaknesses in real time
• Includes modules for HTTP, HTTPS, endpoints and email
• Dashboards and alarms
• Prioritizes security needs

Target Market

Security managers, defensive managers and offensive managers at medium to large companies

Customers

AKBank, Exclusive Networks, Garanti, ING Bank, QNB Finansbank, Turkcell, Vodafone, YapiKredi

Pricing

Available on request

The post Picus Security: BAS Product Overview and Insight appeared first on eSecurity Planet.

See our full list of Top Breach and Attack Simulation (BAS) Vendors

Bottom Line

With numerous awards, patents and high-profile customers to its credit, SafeBreach appears to be one of the early leaders in the emerging breach and attack simulation (BAS) market. It’s a good option for enterprises in any vertical or for service providers and technology vendors that want to offer their own customers BAS capabilities.

Company Profile

Founded:

2014

Headquarters:

Sunnyvale, California

Funding:

$34 million

Winner of multiple awards, SafeBreach was founded by cybersecurity veterans who have previously worked for the Israeli Air Force and the Israel 8200 Intelligence Unit. It is headquartered in Silicon Valley, with an additional office in Tel Aviv. It has partnerships with Hewlett Packard Enterprise (HPE), Visa, VireEye, PhantomCyber, LogRhythm and Docker, and its investors include Sequoia Capital, Deutsche Telekom Capital Partners, Draper Nexus, PayPal Ventures, Hewlett Packard Pathfinder and investor Shlomo Kramer. The company holds several patents related to BAS technology. The company also has a research arm called SafeBreach Labs that investigates breaches and attacks in the wild.

Product Description

SafeBreach utilizes more than 11 million breach methods to look for weaknesses in an organization’s cyber defenses. It also has a partner program for vendors and service providers that want to incorporate BAS technology into their capabilities. It attempts to look at systems and defenses from a hacker’s perspective, and the company also offers a “Hacker’s Playbook” that details some of the latest cyberattack strategies.

Key Features

• Simulates the entire cyber kill chain
• No impact to existing environment
• Deploys and begins producing insights in just minutes
• Integrated dashboards that show security risk over time
• Integrates with other security tools, including SIEMs

Target Market

Chief security officers, security analysts and security red team engineers at enterprises, as well as technology companies and managed service providers

Customers

PayPal, Time, AppDynamics, unnamed companies in financial technology, mobile and online messaging and cyber and data security

Awards and Certifications

Gartner Cool Vendor, 2017 Innovation through Technology award, CRN Emerging Vendor

Pricing

Available on request; free trial available

The post SafeBreach: BAS Product Overview and Insight appeared first on eSecurity Planet.

See our full list of Top Breach and Attack Simulation (BAS) Vendors

Bottom Line

If your security budget is already stretched, Infection Monkey offers a free option for adding breach and attack (BAS) simulation to your cyberdefenses. It’s probably best for organizations with good in-house security expertise, as consulting and paid support are not available. However, its capabilities are on par with or better than many of the proprietary solutions available.

Company Profile

Founded:

2013

Headquarters:

Tel Aviv, Israel

Funding:

$46 million

Like some of the other vendors that offer BAS products, GuardiCore was founded by veteran cybersecurity experts from the Israeli Defense Force (IDF). The company’s primary product is the Centra Security Platform, an integrated security solution for hybrid clouds. Its areas of expertise include microsegmentation, threat detection and response, container security and cloud security.

Product Description

Unlike most of the BAS products on the market, Infection Monkey is available under an open source license, so it is completely free. The latest version includes the ability to detect cached credentials, identify the risk from unpatched servers and test network segmentation. It offers the same sorts of features as the proprietary BAS solutions, but the company does not provide paid support. It is available for download through the Infection Monkey website or GitHub.

Key Features

• Support for VMware, AWS, Docker, Google Cloud, Windows Server, Azure and Debian
• Automatic attack simulations
• Continuous and safe assessments
• In-depth testing
• Easy to deploy
• Provides visualizations of attacker moves
• Scalable
• Actionable security reports
• Community support

Target Market

CISOs at large enterprises and security researchers.

Customers

Information about Infection Monkey users is not available. GuardiCore customers include Beckman Coulter, Blue Bastion, Optimal+, Genome.One and OpenLink.

Awards and Certifications

GuardiCore has been named a Gartner Cool Vendor for 2019, a Cyber Defense Magazine InfoSec Award Winner, an Info Security Products Guide 2018 Global Excellence Gold Winner and an SC Magazine Group Best Buy for cloud security.

Pricing

Free

The post GuardiCore Infection Monkey: BAS Product Overview and Insight appeared first on eSecurity Planet.

See our full list of Top Breach and Attack Simulation (BAS) Vendors

Bottom Line

With an impressive list of awards and investors, Verodin is one of the more well-established breach and attack simulation (BAS) vendors in the market. Its Security Instrumentation Platform integrates with many other security tools, and it is used by global enterprises in many different industries.

Company Profile

Founded:

2014

Headquarters:

McLean, Virginia

Funding:

$33.1 million

Co-founded by cybersecurity industry veterans with decades of experience, Verodin aims to “help organizations remove assumptions and prove cybersecurity effectiveness with evidence-based data.” It boasts a global client base and has an impressive list of backers that includes Bessemer Venture Partners, Blackstone, CapitalOne Growth Ventures, Cisco Investments, Citi Ventures, ClearSky Power and Technology Fund, Crosslink Capital, Rally Ventures, TenEleven and Vital Venture Capital. It has won multiple awards, and it has technology partnerships with leading vendors like Alien Vault, ArcSight, Blue Coat, Carbon Black, CrowdStrike, Elastic, FireAmp, FireEye, LogRthythm, McAfee, NitroSecurity, Palo Alto Networks, Phantom, QRadar, SentinelOne, Splunk, Suricata, Symantec and TippingPoint.

Product Description

Verodin calls its BAS solution a Security Instrumentation Platform (SIP). Its helps enterprises determine if their security controls are working effectively, optimize and rationalize their security tools, detect environmental drift and understand their cybersecurity risk. It runs on-premises or in the cloud. The company also offers actors to test network, endpoint, email and cloud controls.

Key Features

• SaaS or on-premises (virtual appliance or installable software)
• Integrates with more than 50 other security products
• Effectiveness Validation Process (EVP)
• Dashboards and reports

Target Market

Global enterprises in any vertical and service providers

Customers

Not disclosed

Awards and Certifications

SINET 16 Innovator, TechConnect Defense Innovation Award, Barclays Tech Innovation Award and Security Shark Tank 1st Place Awards in Palo Alto, New York City and Chicago

Pricing

Available on request from Verodin or a reseller

The post Verodin: BAS Product Overview and Insight appeared first on eSecurity Planet.

See our full list of Top Breach and Attack Simulation (BAS) Vendors

Bottom Line

If you’re looking for a low-cost breach and attack simulation (BAS) product with upfront pricing, you should check out Threatcare. It has a free download plus monthly subscription services with low fees. The base product is not as full-featured as some competitors, but the optional agents extend its capabilities.

Company Profile

Founded:

2014

Headquarters:

Austin, Texas

Funding:

$2.1 million

Founded by a U.S. Navy veteran who worked in cryptography, this startup claims to be “the leader in breach and attack simulations.” The company says it is devoted to transparency, trust, respect and authenticity, which show up in its upfront pricing, straightforward salary formula and commitment to workplace diversity. In 2018, it acquired security services provider Savage Security.

Product Description

Threatcare comes in three versions: Free, Pro and Premium. The Free version is a standalone desktop app that offers breach and attack simulations only. The Pro version, designed for teams of up to five people, adds MITRE ATT&CK playbooks, unlimited custom playbooks, Web portal access, simulation results and custom exfiltration input. The Premium version has everything in the Pro version, plus premium support. Agents, which are available separately, add the ability to deploy on-premises or in the cloud and to monitor multiple networks.

Key Features

• Desktop deployment
• Optional agents for visibility into multiple networks and cloud assets
• Fast and comprehensive
• Ease of use
• Enterprise-grade process management, analytics and reporting
• On-premises and cloud deployment

Target Market

Enterprise CISOs and security analysts and managed security service providers

Customers

Stich Fix, Alibaba.com, Cyber Watch Systems, Jewelry Television, KPMG, Marsh, MongoDB, SailPoint, Sally Beauty Supply

Awards and Certifications

Talent Desk 2018 Best Startups to Work For

Pricing

Free version costs nothing and is available for immediate download. Pro version costs $33 per user per month, billed annually, and the Premium version costs $100 per user per month, billed annually. Agents cost $166.25 per month, billed annually. Enterprise discounts are available for companies with more than five users or more than ten agents, and there is a pricing calculator on the Website.

The post Threatcare: BAS Product Overview and Insight appeared first on eSecurity Planet.

See our full list of Top Breach and Attack Simulation (BAS) Vendors

Bottom Line

If you want a cybersecurity tool that can automatically find network vulnerabilities and recommend and prioritize fixes, XM Cyber’s breach and attack simulation (BAS) platform should be on your evaluation list.

Company Profile

Founded: 2016

Headquarters: Herzliya, Israel

Funding: $32 million

“Founded by the highest caliber of security executives from the elite Israel intelligence sector,” XM Cyber has offices in Israel, the U.S. and Australia. In November, it announced that it had closed a $22 million funding round, bringing its total funding to $32 million. Investors include Macquarie Capital, Nasdaq Ventures, Our Innovation Fund, LP, UST Global and Swarth Group. In 2018 alone, the company earned 16 different industry awards.

Product Description

XM Cyber’s BAS product, called HaXM, is a fully automated APT simulation platform that offers “defense by offense.” The company describes it as an “automated purple team” because it runs red team attack simulations and offers blue team remediation suggestions.

Key Features

• Continuously identifies attack vectors
• Prioritizes actionable remediation
• Reduces risk
• Optimizes cybersecurity resources
• Reports and dashboards
• Best practices and data-driven recommendations
• Fast deployment on-premises or in the cloud
• Visual mapping of attack paths

Target Market

CISOs, Red teams and security/IT ops at large enterprises

Customers

Names are not disclosed, but XM Cyber’s customers are said to include “leading financial institutions and critical infrastructure organizations across North America, Europe, Israel and Australia.”

Awards and Certifications

World Economic Forum Technology Pioneer, InfoSecurity Products Guide 2018 Global Excellence Awards, Cyber Defense Magazine InfoSec Awards Winner 2018, Red Herring 100 Winner North America, SC Awards 2018, Best Globe Awards Gold 2018, many others

Pricing

Available on request

The post XM Cyber HaXM: BAS Product Overview and Insight appeared first on eSecurity Planet.

See our full list of Top Breach and Attack Simulation (BAS) Vendors

Bottom Line

With an impressive list of awards to its credit and a founding team that includes a former IDF intelligence officer, Cymulate is one of the most promising vendors in the breach and attack simulation (BAS) market. It promises very fast deployment and immediate insights into a company’s attack readiness.

Company Profile

Founded:

2016

Headquarters:

Rishon Le Zion, Israel

Funding:

$3 million

Like many of the other BAS vendors, Cymulate is headquartered in Israel. Its team of co-founders includes a veteran of the intelligence unit of the Israel Defense Forces (IDF) and a former hacker. Its team also includes a Cyber Research unit that works to find new vulnerabilities and exploits while also monitoring emerging threats. Gartner named the company a “Cool Vendor for 2018.”

Product Description

Cymulate is an agent-based software-as-a-service product that the company claims can be deployed in just five minutes, with insights available just two minutes later. It includes immediate threat alerts, email security, Web gateway, Web application, lateral movement, endpoint, data exfiltration and phishing assessments, as well as the ability to test security operations center (SOC) awareness. The company also has a partner program for service providers that want to incorporate Cymulate’s capabilities into their own security services.

Key Features

• Mitigates attacks before they happen
• Eliminates false positives
• Plug and play
• No hardware required
• Immediate results 24/7
• Fully automated
• Continuous testing and improvement

Target Market

Enterprises and service providers

Customers

Telit, Union Bank, CLAL Insurance, Hospital Assuta

Awards and Certifications

Gartner named the company a “Cool Vendor for 2018.” It also won an Infosec Award for 2018 from Cyber Defense Magazine, a Best Cybersecurity Startup Award and a Security Automation Award from the Cyber Security Excellence Awards, a Global Excellence Gold Winner from Info Security Products Guide 2018, and a 2018 Fortress Cyber Security Award.

Pricing

Free trial available. Pricing on request.

The post Cymulate: BAS Product Overview and Insight appeared first on eSecurity Planet.

See our full list of Top Breach and Attack Simulation (BAS) Vendors

Bottom Line

Companies that are interested a combination of breach and attack simulation (BAS) software and penetration testing might want to consider WhiteHax, also known as IronSDN. It offers flexible solutions that provide “inside-out” cyber defense testing capabilities.

Company Profile

Founded:

Unknown

Headquarters:

Silicon Valley

Funding:

Unknown

Very little information is available about IronSDN, the company that sells the WhiteHaX products. The firm says it is led by a “veteran team of experts from security companies such as Symantec, Cisco, McAfee and others.” In addition to offering a BAS solution, it offers pen testing services.

Product Description

The company describes its WhiteHax platform as “a unique multi-appliance, pre & post-infiltration, security-breach simulation platform to allow IT Security teams to test the effectiveness of their already deployed security infrastructure.” It uses an attacker virtual appliance and a target virtual appliance to test the cyber defenses of the servers and endpoints on the network where it is deployed. It has versions available for networks, endpoints, PVC (cloud) and MSSPs, as well as a Lite version.

Key Features

• Historical graphs displaying readiness against different types of attacks
• Comprehensive cyberattack and cyberbreach simulations
• Zero impact on production systems
• Vendor-neutral
• Deploys on-premises or in the cloud

Target Market

Enterprises and MSSPs

Pricing

Available on request

The post IronSDN WhiteHaX: BAS Product Overview and Insight appeared first on eSecurity Planet.