When we first conceived of the idea to build Validato – a continuous security validation platform that uses safe to use breach and attack simulation, we knew that we would be starting a little behind the curve, but with extensive first hand experience in this space and with a product management and development team made up of actual end-customer security professionals, we knew that we had our terms of reference correct.
Validato’s goal is quite simple: Bring what would be extremely expensive and complex security validation to the mid sized enterprise space, without sacrificing functionality and value of solutions designed for the largest enterprises.
“Using attack simulation to continually validate the effectiveness of security controls has the ability to transform the information security industry, which has been reliant on manual and expensive point in time offensive testing services”
Driven by the NIST Cyber Security Framework
Validato aims to provide CISOs and security teams with unbiased data-driven answers to the key questions that they need to ask; namely:
- Are our security controls protecting us from cyber threats?
- Is our SOC and Incident Response team able to detect attacks?
- Are we responding in an effective and timely manner?
It is no secret that it is NIST’s Cyber Security Framework (CSF) that drives much of the core principals behind Validato, which we think our customers will appreciate.
In order to answer these questions, Validato simulates the relevant tactics, techniques and procedures (TTPs) from the MITRE ATT&CK framework to provide reliable and up to date data to validate the effectiveness of security controls.
A staged approach to Security Validation using Breach and Attack Simulation
At Validato, we strongly believe that in order to get the maximum value from our Breach & Attack Simulation platform, you should not go crazy on day 1. We therefore advocate a phased approach that focuses initially on testing the protection of your host level controls, then measuring the detection of host level controls and finally response.
As the majority of cyber threats affect host environments, this is where we recommend you start.
Once you have validated your host security controls, we recommend that you move on to the server side host environments. Once these have been validated, you can think about testing other scenarios, like infiltration, lateral movement or exfiltration.
We invite you to do your own evaluation and due diligence of the Validato security validation platform by requesting a live demonstration and, when you are ready, we will be glad to provide access to the platform for free for three weeks.