Automate Validation of Your Security Controls with SafeBreach & Cortex XSOAR

Aug 10, 2021
4 minutes

In the quest to defend the enterprise amid an ever-changing threat landscape, security teams have deployed numerous tools and processes to prevent damaging attacks. The downside is the effort required to manage the heavy volume of resulting IOCs and to reduce false positives so that the real threats in your environment are identified before they can cause harm. These challenges are compounded by gaps in visibility across your security controls and by the inability to measure and tune how effectively your processes, tools, and controls work together.

Leveraging SafeBreach with Cortex XSOAR provides visibility into the performance of all your security controls and helps you automate the remediation of the gaps it identifies. Using the SafeBreach Hacker’s Playbook™ with Cortex XSOAR lets you maximize the efficacy of your security controls through continuous validation: tens of thousands of safe attacks are launched automatically against your existing network, endpoint, and cloud infrastructure.

This holistic, outcome-driven process presents results as SafeBreach Insights to help you proactively identify the most current risks in your organization. Available within Cortex XSOAR, SafeBreach Insights can be used to gain enriched context around alerts and to automate policy changes across your entire enterprise environment.

Orchestrated Remediation of IOCs

This integration automates the remediation steps that update your endpoint, cloud, and network security controls, unburdening your analysts with fully automated closed-loop remediation. Cortex XSOAR fetches the non-behavioral IOCs (such as file hashes, domains, and IP addresses) from SafeBreach that your security controls missed, allowing you to address them directly from the Cortex XSOAR War Room.

SafeBreach also uncovers behavioral indicators of compromise (BIOCs) that simulated attacks prove can bypass your security controls. The SafeBreach Insights content pack, found in the Cortex XSOAR Marketplace, correlates BIOCs (for example, exposed non-standard ports, or protocols abused for brute-force attacks) so your security team can orchestrate investigation and automate configuration updates.

Orchestrate and Automate Remediation of High-Priority Attack Methods 

By automatically executing thousands of attacks, safely and continuously, SafeBreach helps identify high priority weaknesses in your security defenses. The data-driven simulation results are mapped to an interactive heat map of the MITRE ATT&CK framework for automated remediation of high-priority exposures with Cortex XSOAR. Following remediation, Cortex XSOAR triggers SafeBreach to rerun the attack simulations to validate that hardening of your defenses was successful across your network and endpoint controls.

Together, SafeBreach and Cortex XSOAR Empower You to:

  • Unburden your security analysts by fully orchestrating and automating the remediation of IOCs for your network, endpoint, and cloud security controls
  • Maximize the effectiveness of your existing security controls by continuously validating their performance against current and upcoming threats
  • Receive SafeBreach Insight remediations directly in the Cortex XSOAR War Room to help optimize your security configurations
  • Map attack simulations to the MITRE ATT&CK framework to easily drill down on simulation results and verify your remediation tactics

Simplify Configuration Updates with Cortex XDR

SafeBreach provides visibility into the impact of different attack forms across your environment to help you proactively identify weaknesses in your security program. The dedicated SafeBreach Labs team monitors the threat landscape for changes in IOCs to ensure the SafeBreach Hacker’s Playbook uses the most current data and techniques. Beyond program validation, security teams can use Cortex XDR to better protect the security ecosystem.

Using the SafeBreach content pack for Cortex XSOAR, you can automate test attacks against your Cortex XDR endpoint protection to identify which IOCs were not blocked, automatically remediate those unblocked IOCs, and rerun the attack scenarios to confirm that the loop is closed on all misconfigurations and security gaps.
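The closed loop described above (run simulations, pull the IOCs the controls missed, remediate, rerun, confirm) and the per-technique ATT&CK heat map from the previous section can be modelled in a few dozen lines. The following is an added example, not code from SafeBreach, Palo Alto Networks, or the Cortex XSOAR content pack: the `SimResult` data model, the sample results, and the `BlocklistControl` class are hypothetical stand-ins for the real SafeBreach and XSOAR APIs. It also makes the caveat from the BIOC paragraph concrete: pushing missed hashes, domains, and IPs into a blocklist closes the IOC gaps, but a behavioral finding survives the rerun and still needs an orchestrated configuration change.

```python
"""
Model of a SafeBreach/XSOAR-style closed loop: simulate, find what the
controls missed, remediate the non-behavioral IOCs, rerun, report what is
still open.  All names and data here are hypothetical (not the vendor APIs).
"""
from collections import defaultdict
from dataclasses import dataclass, replace

BEHAVIORAL = "behavior"   # marker for BIOCs, which a blocklist cannot fix


@dataclass(frozen=True)
class SimResult:
    sim_id: str
    technique: str        # MITRE ATT&CK technique ID
    control: str          # "endpoint", "network" or "cloud"
    indicator_type: str   # "sha256", "domain", "ip" or BEHAVIORAL
    indicator: str
    blocked: bool


# Constructed sample simulation output; not real SafeBreach results.
SAMPLE_RESULTS = [
    SimResult("s1", "T1105", "network", "domain", "update-cdn.example", False),
    SimResult("s2", "T1105", "network", "ip", "203.0.113.10", False),
    SimResult("s3", "T1204.002", "endpoint", "sha256", "a" * 64, False),
    SimResult("s4", "T1204.002", "endpoint", "sha256", "b" * 64, True),
    SimResult("s5", "T1110", "network", BEHAVIORAL, "smb-brute-force-on-tcp/4445", False),
    SimResult("s6", "T1059.001", "endpoint", BEHAVIORAL, "encoded-powershell", True),
]


def missed_iocs(results):
    """Non-behavioral indicators that got through, grouped by type (sorted)."""
    out = defaultdict(set)
    for r in results:
        if not r.blocked and r.indicator_type != BEHAVIORAL:
            out[r.indicator_type].add(r.indicator)
    return {k: sorted(v) for k, v in out.items()}


def missed_biocs(results):
    """Behavioral findings that got through; these need a config change, not a blocklist."""
    return sorted(r.indicator for r in results
                  if not r.blocked and r.indicator_type == BEHAVIORAL)


def attack_heatmap(results):
    """technique -> (missed, total): the numbers behind an ATT&CK heat map cell."""
    cells = defaultdict(lambda: [0, 0])
    for r in results:
        cells[r.technique][1] += 1
        if not r.blocked:
            cells[r.technique][0] += 1
    return {t: tuple(c) for t, c in cells.items()}


def prioritize(heatmap):
    """Techniques with at least one miss, worst miss ratio first, then most misses."""
    open_cells = [(t, m, n) for t, (m, n) in heatmap.items() if m]
    ranked = sorted(open_cells, key=lambda x: (-x[1] / x[2], -x[1], x[0]))
    return [t for t, _, _ in ranked]


class BlocklistControl:
    """Toy control: blocklisted indicators are blocked; prior verdicts otherwise stand."""

    def __init__(self):
        self.blocklist = set()

    def add(self, indicators):
        self.blocklist.update(indicators)

    def rerun(self, results):
        # A real integration would trigger a new simulation run; here the
        # rerun only re-evaluates each result against the updated blocklist.
        return [replace(r, blocked=r.blocked or r.indicator in self.blocklist)
                for r in results]


def closed_loop(results, control):
    """Remediate missed IOCs, rerun, and return (rerun results, still-open indicators)."""
    for indicators in missed_iocs(results).values():
        control.add(indicators)
    after = control.rerun(results)
    still_open = [r.indicator for r in after if not r.blocked]
    return after, still_open


if __name__ == "__main__":
    print("priority techniques:", prioritize(attack_heatmap(SAMPLE_RESULTS)))
    after, still_open = closed_loop(SAMPLE_RESULTS, BlocklistControl())
    print("heat map after rerun:", attack_heatmap(after))
    print("still open (BIOCs needing config change):", still_open)
```

With the constructed data, the first pass ranks T1105 and T1110 ahead of T1204.002 because every simulation for those two techniques got through. After the blocklist update and rerun, every hash, domain, and IP miss is closed, and the only remaining open item is the brute-force BIOC, which is exactly the kind of finding the page says must be handled by orchestrated configuration updates rather than IOC remediation.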

Leveraging Cortex XSOAR and XDR together with the SafeBreach Insights content pack streamlines configuration updates with purpose-built playbooks that keep pace with the continuous evolution of threats. This combination is a powerful and effective way to proactively protect your organization without adding overhead or the complexity of disparate systems.

Diagram showing the SafeBreach ecosystem

Learn More

Build out your security program with the SafeBreach content pack, available now on the Cortex XSOAR Marketplace. Look up prebuilt integrations for your top security tools with over 700 content packs available for Cortex XSOAR, the market’s leading SOAR platform. To learn more visit the SafeBreach pack on the Marketplace.

Discover how to automate attack simulation with SafeBreach and optimize your Cortex XSOAR and XDR incident response workflows during the Cortex XSOAR Marketplace Top Use Cases Webinar, hosted live with Q&A on August 26th at 9 AM PDT/12 PM EDT.
