This section describes how to continuously evaluate your security posture against the latest threats by combining Cymulate's cyber attack simulation platform with McAfee's Endpoint Security solutions. To reduce risks such as loss of assets and leakage of important information, it is important to be ready to detect and prevent attacks.
Trellix is proud to present the strong industry evaluations and award-winning history of our endpoint security platform. These are worthy of trust. If you want to verify this yourself, you can continuously evaluate your security posture against the latest threats by simulating breaches and attacks in your own settings and configurations.
According to Gartner's Hype Cycle for Security Operations 2021, BAS (Breach and Attack Simulation) is at the Peak of Inflated Expectations, with a market penetration of 5% to 20% of the target audience.
※Gartner, “Hype Cycle for Security Operations 2021”, Pete Shoard, Shilpi Handa, 23 July 2021. GARTNER and HYPE CYCLE are registered trademarks and service marks of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission.
There are two main use cases for BAS solutions:
・ Verification of security controls
・ Evaluation of security posture
Basically, security operations can be fine-tuned by checking the BAS report.
Other main use cases are as follows.
・ Evaluation and practice of security operation processes and playbooks
・ Evaluation of multiple vendor solutions
Figure 1: Cymulate dashboard from the joint EMEA webinar on January 27, 2022.
In January 2022, Trellix's Doron Rosenberg tested McAfee ENS (Endpoint Security) 10 in two configurations against 490 Cymulate Endpoint Security scenarios.
First, he tested an ENS environment with the following common misconfigurations.
・ GTI (Global Threat Intelligence) reputation lookup disabled
・ ATP (Adaptive Threat Protection) or DAC (Dynamic Application Containment) set to observation mode
・ Real Protect (machine learning) set to low
As shown in Fig. 2, the result with this misconfiguration was 17%, and some attacks ran almost to completion.
Figure 2: Cymulate's Ransomware Scenario Report with McAfee ENS 10.7 Misconfigured Configuration.
Doron then tested the ENS environment with the ENS default settings. As a result, as shown in Fig. 3 below, many attacks were stopped at an early stage of the attack life cycle, and the penetration rate was 1%.
Figure 3: Cymulate's Ransomware Scenario Report with McAfee ENS 10.7 Default Configuration
Figure 4: MVISION EDR Monitoring Dashboard After the Breach and Attack Simulations from Cymulate
Figure 5: MVISION Insights Campaign's Preview After the Breach and Attack Simulations from Cymulate
On February 7, 2022, we released an integration between Trellix MVISION EDR and Cymulate, which verifies detections as shown in Figure 6.
Figure 6: Official Integration of MVISION EDR with Cymulate
Cymulate can gain a foothold on the device through these multiple simulated attacks, which make full use of known TTPs. If you can quickly detect and stop attacks with the Trellix Endpoint Security Platform, you can reduce the risk of intrusion, damage to assets, and leakage of important information. By using the built-in "McAfee Default" best practices, customers can shift and defend more effectively before threats build a foothold in the environment.
If you want to know more about this topic or want to watch live demonstrations, you can watch the replay of this webinar held in Europe.
* The content of this page is based on the following Trellix Stories post, which was updated on March 4, 2022 (US time).