Spirent Communications announced availability of its CyberFlood Data Breach Assessment solution, which enables security operations and IT teams to validate security of production networks by delivering continuous automated assessment of security and data loss prevention (DLP) policies using up-to-date threat intelligence.
With CyberFlood, organizations can assess their ability to stop data breaches, cyberattacks, and malware infections without requiring attack expertise or impacting internal IT team resources. Unlike simulation-based data breach validation tools, the CyberFlood Data Breach Assessment solution accurately assesses an organization’s security posture by emulating real-world attack, malware, and DLP scenarios.
With this latest release of CyberFlood, customers can extend their in-house security teams by selecting optional services bundles from Spirent SecurityLabs’ professional services team, utilizing their expertise in vulnerability scanning and penetration testing services to support deployment and management of Spirent’s unique assessment solution.
Despite precautions, data breach attacks occur with increasing frequency and magnitude, affecting public and private institutions throughout the world. Organizations need to constantly monitor and stress their networks to assess network security effectiveness, validate and improve their ability to detect attackers, and prevent the theft of data and valuable assets.
Such assessment strategies are increasingly important for supporting compliance requirements and proof of best efforts for security reviews. By integrating CyberFlood Data Breach Assessment with Spirent SecurityLabs’ expert services, Spirent provides this combination as an automated turnkey solution.
“Traditional approaches to thwarting data breaches do not always deliver the coverage enterprises require and often fall behind in the upward spiral of dynamic changes to security products, network topology, applications, user behaviors, and attacker threats and tactics,” said Sameer Dixit, vice president and head of Spirent SecurityLabs. “Continual data breach assessments keep organizations prepared for early attack detection and curtailment. The combination of Spirent CyberFlood Data Breach Assessment with expert security services makes testing practical and effectively puts it in the hands of a wide range of organizations.”
Central to the solution is Spirent’s unique ability to emulate data breaches, attacks, and other scenarios rather than simulate them. Unlike simulation testing solutions, CyberFlood safely utilizes real stateful traffic and activities that are indistinguishable from live efforts. Spirent has accumulated, and continually updates, an enormous repository of real attack components that are used for testing, including exploits, applications, sensitive data, and malware.
In contrast, simulation relies on replayed traffic and network activities that seem real, but are often discounted by security infrastructure as phony artifacts and simply passed through or blocked as invalid network streams. Such traffic cannot adequately validate an organization’s defenses against cybercrime.
The quality of a proactive data breach assessment is greatly impacted by the correct placement of assessment agents through the network to serve as the “eyes and ears” for attack activity. The CyberFlood Data Breach Assessment bundle ensures the correct placement of lightweight software agents, so that all relevant networks – including virtual and cloud – can be assessed.
It also identifies the risk from costly and disruptive data breaches that result from the actions or neglect of insiders. Such insider attacks account for a significant portion of all data breaches. Spirent’s Sensitive Data Module integrates assessment for data leaks with tests for the ability to thwart the loss or theft of sensitive and confidential data by accident, or due to insider actions.
“Given the highly dynamic nature of today’s networks and computing environments and the velocity of new threats and exploits, it is imperative to continually assess and validate the organization’s ability to protect data and critical resources,” said Patrick Daly, Analyst at 451 Research. “At the same time, organizations grapple with a shortage of security professionals that have the time and expertise to conduct complete assessments. A combination of data breach emulation and dedicated deployment and operational support provides proactive security assessments on a continuous basis.”