Keysight Threat Simulator

Additional Info

CompanyKeysight Technologies
Websitehttps://www.keysight.com/us/en/home.html
Company size (employees)10,000 or more
Type of solutionCloud/SaaS

Overview

Keysight Threat Simulator is a Breach and Attack Simulation (BAS) platform that enables SecOps teams to safely attack themselves, identify gaps, and fix vulnerabilities before attackers can exploit. Threat Simulator helps security teams continuously validate their defenses and safety.

Boasting an array of real-world threats and exploits, turnkey SIEM integrations, and 24/7/365 updates from Keysight’s Application Threat Intelligence (ATI) Research Center, Threat Simulator empowers SecOps teams to take control of a rapidly changing attack surface.

Threat Simulator sends relevant, targeted attacks from an untrusted zone to container-based software agents deployed within protected zones. With automated scheduling, SecOps teams can regularly assess network security solutions, such as Next Generation Firewalls, Web Application Firewalls, and Data Loss Prevention tools.

Drawing from Keysight’s 20+ year industry leadership in application and security testing, Threat Simulator features an array of real-world attacks and exploits, including:
• malware campaigns
• spearphishing campaigns
• data exfiltration
• cross-site scripting
• malware
• database exploits
• advanced persistent threats

During the stages of a simulated attack, Threat Simulator logs whether established security solutions can thwart the attack and the stage at which it was stopped. Should any stage of the attack succeed, Threat Simulator provides product-specific remediation techniques for SecOps teams to thwart future attacks.

For simplified deployment and cost-effectiveness, Threat Simulator is a SaaS-based platform that shows vulnerabilities, audit statuses, and security measurements over time, and includes a “Security Score” summarizing how secure a network is at any given time based on the number of successful audits.

Keysight’s ATI Research Center continuously updates Threat Simulator with the latest threats and exploits. With continuous updates, SecOps teams can trust they are always ahead by emulating the newest attacks or drilling down into attack signatures and evidence of malicious activity. With Threat Simulator, SecOps teams can take control of a rapidly changing attack surface.

How we are different

• Threat Simulator enables security operations teams to safely emulate attacks on their live network, measure and identify gaps, and remediate issues with step-by-step instructions. By measuring overall security posture, SecOps teams can rationalize how security investments are working, providing opportunities to better understand where misconfigurations and coverage/technology gaps are and where tool overlaps exist.


• As opposed to utilizing static and predefined PCAPs to run an assessment, Threat Simulator instantiates the required application services to model the threat in a realistic manner — including emulating Command and Control servers. This enables you to modify attributes of attacks for an evasive approach and determine if basic inspection scanning (such as SSL DPI) is operating as intended. This makes it easy to find malware hiding in plain sight by toggling transports like HTTP and HTTP over SSL (HTTPS).
• Threat Simulator identifies environment drifts to monitor and understand defensive gaps from emerging threat vectors and APT campaigns. Agents that are deployed on client networks, act as simulator “targets” or “attackers” inside the network—enabling safe, realistic attack and breach scenarios