Guardicore unveiled new capabilities for its open source Infection Monkey breach and attack simulation tool, used by thousands to review and analyze how their environments may be vulnerable to lateral movement and attacks.
The latest version of Guardicore Infection Monkey now maps its actions to the MITRE ATT&CK knowledge base, providing a new report with the utilized techniques and recommended mitigations, to help security and network infrastructure teams simulate APT attacks and mitigate real attack paths intelligently.
“The MITRE ATT&CK knowledge base is a globally-recognized, comprehensive matrix of tactics and techniques observed in millions of actual attacks, used by enterprise network defenders to better classify attacks and assess risks,” said Pavel Gurvich, Co-founder and CEO, Guardicore.
“By leveraging the universally accepted framework, Guardicore Infection Monkey is now equipped to help security teams quickly and safely test network defenses and how they map to specific advanced persistent threats.
“With clear and easy to understand reporting that identifies weak policies and provides prescriptive instructions to remedy them, Infection Monkey automates assessment of security posture and enables system tuning for better defense.”
Infection Monkey with MITRE ATT&CK reporting
Increasingly, cybersecurity experts and enterprise DevSecOps teams use the publicly available, MITRE-developed ATT&CK framework as a basis for network security tests and assessments.
Infection Monkey is already deployed by users in ATT&CK simulations. The latest version is now equipped to test specific ATT&CK techniques, providing more insight into how those techniques were used and offering prescriptive recommendations on how to better protect the network.
The end result is a platform where ATT&CK tests can be readily configured and automatically launched, with results aggregated into a single report that is easy to read and digest.
Guardicore Infection Monkey enables cybersecurity and infrastructure architects to automate testing of network defenses by attempting to communicate with machines residing in different segments of the enterprise network, demonstrating policy violations, and generating test results with actionable recommendations for remediation.
With prescriptive reporting that can be easily implemented without any additional staff or education, Guardicore Infection Monkey offers security leaders the ability to illustrate where defenses fall short and the measures necessary to rectify them.
Developed under the GPLv3 license, Guardicore Infection Monkey source code is currently available from the GitHub repository. Added capabilities for ATT&CK features are available now for immediate download. Guardicore Infection Monkey is available for bare metal Linux and Windows servers, AWS, Azure, VMware and Docker environments, and private clouds.