Using Cymulate to Defend Against APTs

By: Dave Klein, April 25, 2021

I get a great deal of satisfaction from working with enterprises and security professionals, helping them develop the skills to meet difficult challenges and overcome them. This is especially true when the challenge is defeating nation-state and criminal attackers. We have recently seen some very damaging nation-state APT (advanced persistent threat), ransomware and supply chain attacks. As sophisticated and frightening as these attacks are, they are something we can protect ourselves from. Whether we prevent them outright or limit the damage to something superficial and easily recovered from, when the right elements are combined, we can survive them.


Challenges in the Era of Digital Innovation

To understand how to defeat these attackers, we must first look at the intense digital innovation being adopted both by enterprises and by our adversaries. Enterprises globally have adopted digital innovation to accelerate the pace of change within their environments. They are using software-as-a-service and DevOps/cloud models, and they are interconnected with their suppliers, customers, vendors and financial institutions.

In a sinister twist, nation-state and criminal attackers have adopted a digital innovation methodology of their own: they collaborate, often working with each other in an as-a-service model, and their attacks are carefully researched and scripted. When an attack is launched, it is most often executed as an automated series of chained steps. The attackers dig deep, establishing a beachhead, creating backdoor accounts, setting up command-and-control (C&C) channels and remote access, and they do this across thousands of enterprises at one time.


Traditional Methods Fail

Relying on periodic penetration tests or third-party audits now fails, because each is merely a snapshot of a moving, evolving enterprise and threat landscape, unable to truly test or convey real risk. Furthermore, because attackers change at a dramatic pace, traditional methods cannot accurately test for these three types of attack: APTs (advanced persistent threats), ransomware and supply chain attacks. The worst outcome is for an enterprise to fall back on inferences and assumptions about how its people, its processes and its things (in this case, its security controls) would handle them.


Removing Assumptions with Facts – Fear with Confidence

The beauty of Cymulate, with continuous security validation and purple teaming, is that it allows us to replace these inferences and assumptions with tangible, operationalized facts. We turn that same digital innovation to serve us. We replace fear with facts and guesses with tangible, prescriptive steps that not only find the gaps, vulnerabilities and misconfigurations in how our people, our incident response plans and our security controls work, but also show how to fix them. Most importantly, we build resolve and confidence. This same methodology can easily be applied to the most serious threats. The Cymulate Labs team constantly tracks threat actors and continuously updates the Cymulate solution to incorporate the latest threats. Rather than testing a single technique at each step of an attack, the modules can be used to test all of them. The results include easy-to-follow technical, prescriptive remediations as well as clear and concise executive reports. There are three portions of the solution we use against APTs (advanced persistent threats), ransomware and supply chain attacks:

Cymulate Immediate Threats Module

This module provides a safe, comprehensive and straightforward way to see whether your enterprise is vulnerable to these real-world attacks, capabilities and techniques. Each attack is clearly explained, mapped to the MITRE ATT&CK Matrix and then run. The module provides the broadest coverage, chaining the techniques of various actors to safely target the different attack vectors: email, web, endpoint and others. The attacks include all of their steps and variations, comprehensively tested.

Full Kill Chain APT Module

This module allows you, in a safe, comprehensive and straightforward way, to assess all stages of an attack from initial breach through data exfiltration, and to dive even deeper into the behavior and techniques used by these actors to see how your first- and third-party security controls react to real-world attacks, capabilities and techniques that cannot be identified by signature. It also gives the practitioner additional options to test potential future changes in delivery, behavior, attack vectors and executables.

Purple Team Assessment

This module automates and streamlines Red, Blue and Purple Team exercises. It includes tens of thousands of real-world exploits that you can easily design, chain and test. A dashboard organized by the MITRE ATT&CK Matrix shows where each technique, behavior and exploit fits into an attack timeline. Contextual and searchable templates let you use both Cymulate-supplied and customer-added attacks and techniques.


Customer Usage Patterns Show Success

In the 2020 Yearly Cymulate Usage Report, where we analyzed all of our customers' usage patterns for the year, we see that all of our customers use us to test successfully against these most extreme attacks. For example, we found that over 96% of our customers tested against the Sunburst exploits and over 90% tested against multiple strains of ransomware in their production environments. What makes this data so important is that it spans our entire customer base, across the whole cybersecurity maturity model. From those who would consider themselves novices to those who are very experienced and advanced, everyone was able to benefit from these capabilities.


Cymulate for the Win

Customers are now able to test against the most advanced threats, and to do so in a far deeper and more comprehensive manner. It means that when new threats appear, customers who use Cymulate can immediately, safely, easily and in an automated fashion assess and optimize their people, processes and security controls.

Safely, easily and continuously test your enterprise against APT, ransomware and supply chain attack groups. Start a customized free trial today.


Don’t speculate, Cymulate.

Dave Klein

Dave Klein is the Director of Cyber Evangelism for Cymulate. With more than 21 years of real-world cybersecurity experience, he works with Cymulate teams, customers and industry thought leaders to address the challenges of securing modern enterprise environments. Dave's long career includes working on the NIST response to President Obama's Presidential Policy Directive 21 (PPD-21) on Critical Infrastructure Security and Resilience, leading some of the largest sales engagements for US federal security solutions, and working with the City of New York post-9/11 to help shore up its cyber defenses.