Validato Blog
Our latest news and insights
Snatch Ransomware: CISA Threat Advisory AA23-263A available for testing in Validato
Snatch Ransomware: CISA Threat Advisory AA23-263A is now available for testing in Validato for all existing customers. The Cybersecurity and Infrastructure Security Agency (CISA) has issued a cyber threat advisory relating to Snatch Ransomware, an emerging Ransomware threat actor that first emerged in 2021 and has so far mainly targeted organizations in the Defense, Agriculture, Food Production and Technology sectors. Like many later generation Ransomware
Threat-Informed Defense: What Is It and How to Implement It?
Many organizations struggle to gauge the true effectiveness of their security controls. Security measures frequently falter without detection and breaches still have significant consequences. Cybersecurity teams require a proactive and straightforward method to consistently monitor the actual performance of their security programs. To address this issue, adopting a Threat-Informed Defense strategy becomes crucial. Through ongoing testing of defenses, teams can accumulate more comprehensive data and
What Is a Cyber Attack Simulation?
In today's digital landscape, where cyber threats continue to evolve and grow in complexity, the importance of cybersecurity cannot be emphasized enough. Organizations across various sectors face the constant risk of cyber attacks, which can have severe consequences ranging from financial losses to reputational damage. To effectively combat these threats, cybersecurity professionals employ a range of strategies, one of which is cyber attack simulation. But
Validato Announces Strategic Partnership with VISO in Ireland
FOR IMMEDIATE RELEASE 2nd June 2023 Validato Announces Strategic Partnership with VISO in Ireland London, United Kingdom – Validato, a leading provider of security controls validation technology, is excited to announce a partnership with VISO, an information security service provider. This partnership will bring together the strengths of both companies to deliver enhanced solutions and value to their respective customers. Validato is recognised as an
Simulating BianLian Ransomware to Test Defences
On May 16th 2023, the US Cybersecurity and Infrastructure Security Agency (CISA) and the Australian Cyber Security Centre (ACSC) issued a joint advisory (Advisory AA23-136A) on the emergence of a new Ransomware group, calling themselves BianLian (after the infamous Chinese theatrical costume dances). BianLian Ransomware has been active in a variety of industry sectors in the United States and Australia, at the time of writing.
Validato Webinar recording: Using MITRE ATT&CK to Simulate Ransomware Techniques
We are excited to announce our upcoming webinar on "Using MITRE ATT&CK to Simulate Ransomware Techniques". MITRE ATT&CK has become an indispensable tool for offensive security and cyber resilience testing. Join Validato founder, Ronan Lavelle to learn how to leverage it as the foundation for your offensive security testing program. In this webinar we will cover: How to use MITRE ATT&CK as the foundation
Enhancing SIEM Detections With MITRE ATT&CK Simulations
Introduction Security Information and Event Management (SIEM) platforms are essential tools for detecting and responding to security threats. These systems can analyse and correlate data from various sources to identify potential threats in real-time. However, SIEM systems can become less effective when attackers use advanced or new techniques to evade detection and if they are not regularly tested and retuned. Attack simulations based on MITRE
Validato Secures Funding From NCSC Growth Fund
FOR IMMEDIATE RELEASE Cheltenham, United Kingdom 30th March 2023 Validato Secures Funding From NCSC Growth Fund Validato, an emerging security controls validation platform, is pleased to announce that it has secured funding from the UK's National Cyber Security Centre (NCSC) Growth Fund. The funding will be used to accelerate the development of Validato's innovative cyber threat simulation platform and expand its customer
Red Canary 2023 Global Top Threats Available to Test in Validato
Red Canary 2023 Global Top Threats Available to Test in Validato Validato is happy to announce that it has added the Red Canary Top Threats, as published in the Red Canary 2023 Threat Detection Report, to the Validato platform. This allows Validato customers to instantly test and validate their security control effectiveness and detection capabilities against this list of threats. Who is Red Canary? Red
Validato exhibiting at CyberUK 2023
We are delighted to announce that we will be exhibiting at CyberUK in Belfast on the 19th and 20th of April 2023. If you are planning to attend, please stop by the Validato booth and say hello! More information on the event and how to register, visit: https://www.cyberuk.uk/
US CISA’s recommendation of Security Controls Validation a major milestone
The US CISA (Cybersecurity and Infrastructure Security Agency), an agency of the United States Department of Homeland Security that is responsible for strengthening cybersecurity and infrastructure protection, issued an advisory alert recently that urges US firms to make use of Security Control Validation tools to regularly verify the effectiveness of security controls. In a Ransomware advisory alert (AA22-257A) published in September 2022, CISA advises for
Simulating MITRE ATT&CK techniques using Breach & Attack Simulation (BAS)
Simulating MITRE ATT&CK techniques using Breach & Attack Simulation (BAS) Simulating MITRE ATT&CK techniques using Breach and Attack Simulation (BAS) is becoming a powerful tool for cyber security professionals to test and improve cyber defences. By replicating the tactics, techniques, and procedures (TTPs) used by real-world cyber adversaries, BAS tools can help companies to identify and address vulnerabilities in their systems before they can be
Will Breach and Attack Simulation replace manual penetration testing?
Will Breach and Attack Simulation (BAS) replace manual penetration testing? That is the question that many CISOs and security professionals are looking to understand in 2023. Breach and Attack Simulation is a relatively new niche part of the cyber security tools market, but one that is growing rapidly. Frost & Sullivan Research estimates that the BAS market is set to grow at 35% each year
5 reasons why Automated Breach and Attack Simulation should be a priority in 2023
Automated Breach and Attack Simulation (BAS) is a valuable tool for organisations because it allows them to simulate and validate their security defences against a wide variety of threat scenarios without causing damage or disruption to the business. Here are 5 reasons why Automated Breach and Attack Simulation should be a priority for organizations in 2023: Cybersecurity threats are constantly evolving: Cyber criminals are always
MITRE ATT&CK and Breach & Attack Simulation
MITRE ATT&CK and Breach & Attack Simulation MITRE ATT&CK® is a free resource that all cyber defenders should be aware of and use in their defensive preparations. The ATT&CK framework is a comprehensively documented kill-chain of attacker behaviours, classified by Tactics, Techniques and Procedures. In this blog, we offer advice to help get started with ATT&CK and explain how MITRE ATT&CK and Breach & Attack
Cyber stress tests using automated Breach & Attack Simulation
Tesco Plc recently disclosed in its 2022 Annual Report that it had conducted a cyber stress test to simulate the potential affect that a damaging cyber incident would have on its business and specifically, on the financial impact of having its customer data compromised. An article written by Verdict concludes that the fact that Tesco has so publicly disclosed the results of their cybersecurity stress
Validato selected to join prestigious NCSC for Startups programme
Validato is delighted to announce that it is only one of five high potential cyber startups in the UK invited to join the NCSC for Startups programme, delivered in partnership with Plexal. This is a programme designed by the UK's NCSC to engage with private sector technology companies to combat the nationwide threat of Ransomware. Ransomware is considered by the NCSC to be the number
Continuous Security Controls Validation
As a CISO, your job is to set up a balanced security program that defends your company against a variety of cyber attacks. It's not an easy task: typically, it takes years before a security program reaches maturity. Maintaining your company's security program is even more difficult. How do you ensure you continuously stay on top of the latest cybersecurity threats? The answer lies in
Breach and Attack Simulation vs Penetration Testing
Breach and Attack Simulation vs Penetration Testing Breach and Attack Simulation vs Penetration Testing is becoming the question to answer in offensive security testing circles of late; so what is the difference between the well established world of penetration testing and the up and coming Breach and Attack Simulation (BAS)? Before we answer that , it is noteworthy to point out that investments in information
Introducing Validato – the security validation platform
Introducing Validato When we first conceived of the idea to build Validato - a continuous security validation platform that uses safe to use breach and attack simulation, we knew that we would be starting a little behind the curve, but with extensive first hand experience in this space and with a product management and development team made up of actual end-customer security professionals, we knew