Nehemiah Security announced upgrades to the EQ (Exploit Quantifier) platform. EQ tests the effectiveness of an organization’s endpoint configuration against malware and other attacks by leveraging cyberwarfare tools to characterize, model and predict attack outcomes in a customized, virtual environment. This configurable framework establishes scalable and repeatable testing to generate high-fidelity cyberattack intelligence.
Security teams leverage this automated functionality to perform what-if scenarios, train security personnel, and strengthen their defensive posture.
Security leaders must understand the strengths and weaknesses of their cyber defenses, yet, most continue to rely on manual processes to configure and execute testing of their defenses. These methods are time consuming, do not scale, lack metrics, and leave organizations without sufficient resources to optimize their security posture.
EQ makes it possible to measure the effectiveness of cyber defense operations. Experiments are conducted launching live malware into a virtualized environment modeling the organization’s IT assets.
From these experiments, empirical data is collected, providing insights into which attacks were successful and why. Correlations are drawn to promote changes to improve the security of a network’s configuration. The result is both an acceleration and a multiplication of the content that comes from these experiments.
“As adversaries and threats become more sophisticated, it becomes harder for companies to know if they are prepared for new kinds of attacks that have never been seen before,” said Dave Hooks, CTO, Nehemiah Security.
“EQ offers organizations a sophisticated solution for eliminating the guessing and knowing with proven, mathematical certainty what their risks are and how their assets will stand up to attacks.”
Following Nehemiah’s acquisition of Siege Technologies in 2016, the company absorbed a suite of offensive and defensive capabilities developed to support security sensitive organizations in the world.
Nehemiah recognized that when designing network protections, companies must understand what weapons their adversaries are using to predict whether the network will withstand an attack. With this philosophy in mind, EQ has evolved from one of these offensive capabilities into a major component of Nehemiah’s risk quantification software suite.
Building on its legacy of simulating how a network would stand up to a wide range of real-world exploits, new upgrades to EQ produce a measurement that can assess the effectiveness of existing cyber defenses in place.
Implementing EQ gives companies perspective on how to improve their defenses and network configuration by modeling the endpoint response to cyber attacks, validating their defenses against offensive intelligence.