A software platform from startup Verodin launches simulated attacks against live networks as a way to check the effectiveness of their defenses and also train security operations personnel.
Verodin’s gear includes software probes that are deployed in customer networks to act as both attackers and targets. Data about the effectiveness of the simulated attacks is fed to a Web-based management platform called a controller that shows how well the network defended itself.
Verodin’s platform is similar to that from another startup called AttackIQ.
The Verodin Controller can check defenses in two ways. First it can determine whether the network can prevent specific attacks by running simulations that reveal whether existing security products are doing what they are intended to do. Problems exposed in this way could be due to misconfigurations or gaps that open up as changes are made to the network as a normal course of business.
Second, it gives SOC teams the chance to see what their dashboards look like when their security devices pick up intrusions. That way they have more realistic experience about how to respond for when real attacks happen.
There is a third use for the platform: judging bakeoffs between security products. If a business is considering buying a next-generation firewall, for example, it can get test samples of devices it is considering, plug them into the network and run attacks against them to see how well they do when faced with the same circumstances.
The platform can continuously run simulated attacks against the network or at regular intervals, giving network security pros the chance to see whether changes to network routing or segmentation efforts or other factors affect security.
The probes that launch the simulated attacks can be software running in virtual machines within other physical machines on the network or on bootable USB sticks.
The controller is integrated via APIs with security devices installed on the network in order to gather information about what data they collect about simulated attacks and their output.
Verodin includes a library of actions and sequences customers can use to test their networks. An action is a single step in an attack, such as downloading malware or attempting a SQL injection. A sequence is a string of actions that indicate a specific attack.
The company tries to keep its library of sequences up to date with new attacks. It includes tools for customers to create their own sequences based on incidents they experience.
The company was founded two and a half years ago and has been testing its product with customers for about a year.
Based in Reston, Va., the company has raised more than $3 million from Cisco, Vital Ventures and Crosslink Capital, and has about 20 employees.
The company isn’t releasing specific prices but they are based on the number of controllers.
This story, "Verodin carries out attacks safely to test network security" was originally published by Network World.