Keysight’s New Security Operations Platform
February 2020 by Marc Jacob
Keysight Technologies has announced Breach Defense, a security operations (SecOps) platform designed to improve operational security effectiveness. An integral element of the new platform is the Threat Simulator breach and attack simulation solution which enables network and security operations teams to measure the effectiveness of operational security by safely simulating the latest attacks and exploits on live networks.
Security operations teams are faced with an increasingly complex network environment that is continuously under attack by a flood of cyber threats generated inside and outside of their organizations. According to a recent Keysight Security Operations Effectiveness survey:
Good security tools don’t always protect as expected: 50% of survey respondents stated they found their security solution was not working as expected after a breach had occurred.
Most organizations don’t verify their security is working as it should: Only 35% of respondents have test-based evidence to prove their security products are configured and working correctly.
Most organizations recognize the value of security testing: 86% of respondents stated they would value a solution that finds and helps to remediate vulnerabilities in a company’s security posture.
Threat Simulator Delivers Confidence that Security Tools are Protecting as Intended
Keysight’s Threat Simulator solution provides enterprise security operations teams a method for testing security tools to determine their effectiveness in protecting the organization. It provides a continuous, automated security assessment of end-to-end production network security infrastructures, enabling organizations to quickly spot gaps and environment drift of security configurations, which is typically the result of someone in IT or a related group making a change without any malicious intent, while a patented recommendation engine provides clear remediation steps.
Built on a software-as-a-service platform, Threat Simulator uses a series of lightweight agents to simulate attacks on a live network without exposing production servers or endpoints to malware or attacks. Threat Simulator features a library of threat simulations which is continuously updated by Keysight’s experienced Application and Threat Intelligence Research Center. An integrated dashboard makes it easy to conduct assessments, spot vulnerabilities and drill down on issues. It features step-by-step instructions to mitigate vulnerabilities to help security operations teams solve the issue.
Breach Defense Suite — ThreatARMOR
In addition to Threat Simulator, Keysight’s Breach Defense SecOps platform includes ThreatARMOR, a threat intelligence gateway. Complementing an existing security infrastructure, ThreatARMOR reduces attack surface by blocking up to 80% of malicious traffic at the source—decreasing the number of security information and event management (SIEM) alerts. ThreatARMOR can: block traffic from known bad IP addresses at line-rate speeds; block malicious IP addresses manually or automatically from SIEM tools; identify and stop infected internal devices from communicating with known botnet C&C servers; block traffic by geography; and block unused IP space / unassigned IP addresses and hijacked domains from a network.