Infection Monkey: Open source tool allows zero trust assessment of AWS environments

Guardicore unveiled new zero trust assessment capabilities in Infection Monkey, its open source breach and attack simulation tool. Available immediately, security professionals will now be able to conduct zero trust assessments of AWS environments to help identify the potential gaps in an organization’s AWS security posture that can put data at risk.

zero trust AWS

Infection Monkey helps IT security teams assess their organization’s resiliency to unauthorized lateral movement both on-premises and in the cloud.

The tool enables organizations to see the network through the eyes of a knowledgeable attacker – highlighting the exploits, vulnerabilities and pathways they’re most likely to exploit in your environment.

Zero trust maturity assessment in AWS

New integrations with Scout Suite, an open source multi-cloud security auditing tool, enable Infection Monkey to run zero trust assessments of AWS environments.

Infection Monkey highlights the potential security issues and risks in cloud infrastructure, identifying the potential gaps in AWS security posture. It presents actionable recommendations and risks within the context of the zero trust framework’s key components established by Forrester.

Expanded MITRE ATT&CK techniques

Infection Monkey applies the latest MITRE ATT&CK techniques to its simulations to help organizations harden their systems against the latest threats and attack techniques. The four newest ATT&CK techniques the software can equip are:

  • Signed script proxy execution (T1216)
  • Account discovery (T1087)
  • Indicator removal on host: timestomp (T1099)
  • Clear command history: (T1146)

Critical Exploit Assessment

Despite patches being issued, organizations are still susceptible to powerful new vulnerabilities that threat actors continue to exploit. Infection Monkey is now able to test infrastructure resiliency to new remote code execution vulnerabilities, including CVE-2020-1472 (Zerologon) and CVE-2019-6340, which affects Drupal Core.

“The accelerated adoption of cloud workloads has elevated the risk of data being exposed either by external threat actors, or by internal vulnerabilities such as poor access control and misconfigurations. Securing this sensitive information requires a shared model of responsibility, where organizations are enforcing Zero Trust frameworks on their cloud workloads,” said Ofri Ziv, VP Research, Guardicore.

Don't miss