SafeBreach Adds Support for New Advanced Attacks to Microsoft Defender for Endpoint Assessment Lab



SafeBreach announced the addition of new advanced attacks to the Microsoft Defender for Endpoint Assessment Lab, providing seamless access to SafeBreach’s continuous security validation platform, to allow users to test their environment and their configurations. devices.

This allows security teams to instantly and accurately test the effectiveness of their endpoint solution against the most common threats, now including the FIN7 threat pool (using Carbanak malware) as well as SolarWinds software compromise.

Microsoft Defender for Endpoint Assessment Lab enables organizations to easily create and run proof of concept (PoC) in virtual environments using real software and networking scenarios in a secure environment and control.

These built-in SafeBreach attacks dramatically improve lab capabilities; they allow PoCs to clearly demonstrate the effectiveness of various Microsoft Defender for Endpoint configurations and allow security teams to closely observe and examine prevention, detection, and remediation features in action. These attacks and the reports they generate span the duration of an actual attack throughout the chain of destruction.

New advanced Carbanak + FIN7 attack allows users to replicate local host infection and malicious behavior of FIN7 threat group using Carbanak malware. The new Solorigate advanced attack enables security teams to replicate attacks on the SolarWinds Orion platform using Sunburst malware.

“These are two of the most serious attacks that security teams have faced in recent memory. Validating that existing controls are set to stop these exploits is key to reducing cyber risk and minimizing the risk of data breaches and sensitive data exfiltration, ”said Itzik Kotler, CTO and co-founder of SafeBreach. “The ability to continuously validate controls and use that ability as a means to address the most critical risks is no longer optional. Customers and prospects can now visit the Microsoft Defender for Endpoint Assessment Lab to ensure they stay ahead of the opposition, even against these newer and more advanced types of attacks.

Security teams using the Assessment Lab do not need to make any code or configuration changes to run new and existing SafeBreach attacks. Testers can simply select one of the scenarios available in their testing lab’s control panel, run the tests immediately, and then receive the results for further validation and analysis.

“The addition of SafeBreach’s Carbanak + FIN7 and Solorigate attack simulations to our assessment lab allows customers to test and improve their security against some of the most difficult threats businesses face today,” said Rob Lefferts, corporate vice president, Microsoft 365 Security. “Cyber ​​security is a team sport and partners like SafeBreach are essential to our efforts to continuously improve the ability of security teams to validate and optimize the effectiveness of Microsoft Defender for Endpoint.

With the addition of the two new attacks, SafeBreach enables security teams to validate their endpoint solutions against the following advanced attacks:

  • Carbanak + FIN7 – attacks for local host infection and malicious behavior
  • Solorigate – attacks for the compromise of the SolarWinds Orion platform using SunBurst malware
  • APT29 (CozyBear) – attacks for local host infection and malicious behavior
  • Threat of identification – techniques such as flushing passwords and authentication tokens
  • Changes to the operating system configuration – modify operating system configuration to allow malicious activity
  • Code execution – techniques to check if it is possible to activate malicious activity
  • Ransomware infection – known attacks, including WannaCry, JAFF, Locky, NotPetya and others



Leave A Reply