Actu
Cymulate Launches Automated Purple Teaming for Pen Testing Service Providers
June 2021 by Marc Jacob
Cymulate, the industry for SaaS-based Continuous Security Validation platform leveraging the MITRE ATT&CK® framework end-to-end, announced today the launch of Cymulate Cyclone, a customizable, template-driven platform that enables security service providers to craft, automate and deliver purple teaming exercises to help their enterprise customers actively protect their networks.
Unlike traditional automated pen-testing solutions that only offer the adversary perspective, Cymulate Cyclone integrates security controls to also provide the defender’s findings and correlates them with attacker actions. The platform’s rich repository of attack resources and scenarios provides immediate value that enables optimization of the company’s security posture. Cyclone’s accessibility and ease of use upskills more junior security penetration testing teams, boosting productivity in over-stretched departments by automating repetitive efforts. This empowers expert pen-testers to craft complex and/or unique purple team exercises and scenarios. These can be automated and reused, freeing personnel to focus on value creation and more demanding tasks.
Cymulate Cyclone optimizes SOC detection, hones threat hunting skills and improves incident response processes, offering an additional revenue-generating service for security service providers. Scaling existing pen-testing expertise, Cyclone purple teaming auto-correlates blue team detections to red team adversarial tactics, providing remediation and detection guidance and Sigma rules for SIEM optimization. Following Cymulate’s core platform offering and reporting, the attack scenarios are aligned to the MITRE ATT&CK framework and results can be exported to the ATT&CK navigator.
Key features include:
• Automatic purple teaming: Crafting and launching automatic attack scenarios and correlating security-control findings to validate effectiveness.
• Scale expertise: Creates reusable and modifiable template-based assessments and automatic routine and base-line assessments.
• Rich repository of resources: Creates interactive attacks sessions and includes out-of-the-box assessment templates, executions, payloads, tools, and Sigma rules for immediate value creation.
• Efficiency: Auto-correlates security control findings to attacks, and automatically generates reports mapped to MITRE ATT©CK
Cymulate’s SaaS-based platform runs simulations of the latest threats in the wild and tests an organization’s security defenses and controls across the entire kill chain of attack vectors and APT attack scenarios, highlighting security gaps and providing mitigation procedures to optimize the security posture.
