SafeBreach announced the addition of new advanced attacks to the Microsoft Defender for Endpoint evaluation lab, providing seamless access to SafeBreach’s continuous security validation platform, to allow users to test their environment and device configurations.
This empowers security teams to test the efficacy of their endpoint solution instantly and accurately against top-of-mind threats, now including the FIN7 threat group (using Carbanak malware) as well as the SolarWinds software compromise.
The evaluation lab in Microsoft Defender for Endpoint makes it easy for organizations to build and run proofs of concept (PoCs) in virtual environments using real software and networking scenarios in a safe and controlled environment.
These built-in SafeBreach attacks markedly improve the capabilities of the lab; they enable PoCs to clearly demonstrate the effectiveness of various Microsoft Defender for Endpoint configurations and empower security teams to closely observe and review prevention, detection, and remediation features in action. These attacks and the reports they generate cover the full span of a real attack along the entire kill chain.
The new Carbanak+FIN7 advanced attack allows users to replicate local host infection and malicious behavior performed by the threat group FIN7 using the Carbanak malware. The new Solorigate advanced attack allows security teams to replicate attacks on the SolarWinds Orion Platform using the Sunburst malware.
“These are two of the more serious attacks facing security teams in recent memory. Validating that existing controls are tuned to stop these exploits is critical to driving down cyber risk and minimizing chances of data breach and exfiltration of sensitive data,” says Itzik Kotler, CTO and Co-Founder of SafeBreach. “The ability to continuously validate controls and use that capability as a means of addressing the most critical risks is no longer optional. Customers and prospects can now visit the evaluation lab in Microsoft Defender for Endpoint to ensure they stay ahead of the opposition, even against these newer and more advanced attack types.”
Security teams using the evaluation lab do not need to make any code or configuration changes to run the new and existing SafeBreach attacks. Testers can simply select from one of the available scenarios in their evaluation lab control panel, immediately run the tests, and then receive the results for further validation and analysis.
“The addition of SafeBreach’s Carbanak+FIN7 and Solorigate attack simulations to our evaluation lab enables customers to test and improve their security posture against some of the most challenging threats facing companies today,” said Rob Lefferts, Corporate Vice President, Microsoft 365 Security. “Cyber-security is a team sport and partners like SafeBreach are critical to our efforts to continuously improve the ability of security teams to validate and optimize the efficacy of Microsoft Defender for Endpoint.”
With the addition of the two new attacks, SafeBreach allows security teams to validate their endpoint solutions against the following advanced attacks:
- Carbanak+FIN7 – attacks for local host infection and malicious behavior
- Solorigate – attacks for SolarWinds Orion Platform compromise using Sunburst malware
- APT29 (CozyBear) – attacks for local host infection and malicious behavior
- Credential threat – techniques such as dumping passwords and authentication tokens
- OS configuration changes – modifying the operating system configuration to enable malicious activity
- Code execution – techniques to verify whether it is possible to enable malicious activity
- Ransomware infection – known attacks including WannaCry, JAFF, Locky, NotPetya, and others