Platform Features

Introducing Validato – the continuous security validation platform.

How easy is it to set up Validato?

Four simple steps to validate your security controls



Create and deploy Validator™ simulation agents.
Our wizard-based Validator set up process makes Validators effortless to deploy.



Select your validation test scenario (or run all scenarios).
These can be based on threat type, like Ransomware, credential abuse or data exfiltration, threat group … or specific MITRE ATT&CK TTP.



Let Validato do its magic.
Validato attack simulations run silently in the background with no impact to production environments and can run automatically on a pre-defined schedule, or ad hoc on-demand.



Analyse simulation data and map results back to MITRE ATT&CK™ and SHIELD™.
Get immediate insights into how security controls performed whether security controls detected simulations.


Breach & Attack Simulation (BAS) is the term given to software platforms that simulate offensive attack methods in order to test and validate security controls.

Continuous Security Validation is the term given to solutions, like Validato, that validate security control configurations by running continuous offensive attack simulations.

Validato gives CISOs and security risk assurance professionals the impartial data that they are looking for in order to answer these questions:

Are our security controls protecting us as we assume they should be?
Are our SOC and Incident Response teams able to detect attacks?
How well are we responding to incidents?

Yes, Validato simulations are designed to run in production environments and not to cause any disruption or latency to the network or enterprise assets; unlike other forms of offensive security testing.

Validato has been designed to support continuous security validation if/when you are ready for that. In the interim, bi-weekly or weekly attack simulations are the most common options for our customers.

You might be surprised to learn that running Validato can be as little as the cost of a single penetration test; depending on the size of your organisation.

Validato is Italian for ‘validated’ – do you see what we did there?!

There are some qualifying criteria to meet, but yes, we want to give a little bit back to the world and are happy to provide Validato free to non-profit organisations.

Gartner sums up the difference between Breach & Attack Simulation and Penetration Testing succinctly, by saying that ‘Penetration Testing helps answer the question: can they get in? Breach & Attack Simulation answers the question: ‘does our security work?’’.

Put another way, Penetration Testing is about finding security vulnerabilities that an attacker can exploit, while Breach & Attack Simulation is about validating assumptions about how well security controls are tuned and configured. Both should form part of your offensive testing strategy.  You can read more about this topic in this Validato blog article.

Our team is always happy to elaborate, but simply, the Validato platform runs attack simulations between two or more Validator agents that are deployed on either side of security controls. We measure what simulation attack traffic was sent and what was blocked and/or detected by your security controls. Request a demonstration to see this live.