SafeBreach launches new platform to prioritize, mitigate security gaps

SafeBreach has launched the next version of the SafeBreach GRID platform -- its Global Risk Director that helps security teams prioritize and manage security gaps revealed by breach simulation.

According to SafeBreach, GRID correlates data from multiple simulations to identify security gaps and then links them to their potential business impact. The platform then generates a priority-based set of recommendations that helps security teams decide which security gaps to address first.

Cybersecurity and risk management are among the top investment priorities in 2019 for Europe, Middle East and Africa (EMEA), according to this year's ComputerWeekly/TechTarget IT Priorities research.

As companies equip themselves with new technologies to improve employee performance, smooth operations and boost productivity, concerns over breaches and attacks grow higher. As a result, 29% of EMEA and 34% of U.K. respondents said they were planning to increase investment in security to address new threats and compliance requirements to support digital transformation.

According to SafeBreach, the launch follows customers' demand for higher team efficiency by discovering and tackling the most impactful security issues first. It claims GRID does that by analyzing the enterprise's assets and the immediate threat landscape to discover any security gaps in its network.

The GRID product works exclusively with the SafeBreach platform and includes the following features:

• risk indicators to help quantify business risk;
• analysis of multiple simulation results to provide prioritization of remediation activities;
• guidance on security configuration changes based on potential business impacts; and
• integration via the SafeBreach platform with security tools to automatically gather SafeBreach's analysis of enterprise network and endpoint security gaps for an organization.

A security startup based in Silicon Valley, SafeBreach is competing with other U.S.-based startups, such as Verodin and AttackIQ, in the breach and attack simulation technology market.

AttackIQ, which recently announced its partnership with BlackBerry Cylance to deliver enterprise endpoint security validation, promises to provide "customizable scenarios that mimic real-world threats" for organizations to measure their security control performance and identify security gaps, according to their website.

Verodin's Security Instrumentation Platform also works to make sure an organization's security control system is up to date with the current threat landscape. The product intends to integrate into and guide customers' IT environments to test the effectiveness of their "network, endpoint, email and cloud controls" and then offers reports on how to optimize existing controls, according to the vendor.

According to Gartner Research Vice President Toby Bussa, breach and attack simulation technologies are addressing many use cases for customers, such as determining the effectiveness of their security controls and configurations or identifying which organizations' assets are most at risk of attack.

"Integrations with a wider range of security and nonsecurity technologies to gather data and context is still a work in progress. For example, extending monitoring into IaaS and PaaS environments. The ability to directly drive remediations based on the findings and recommendations from these tools isn't yet mature," Bussa said of the existing products in the market.