SafeBreach, the leading provider of Breach and Attack Simulation, yesterday released the third edition of the Hacker’s Playbook Findings Report, which uniquely measures enterprise security trends from the point of view of an attacker. Now comprising the collective knowledge and experience of more than 3,400 breach methods executed across 11.5 million simulations, this edition found malware infiltration success rates in excess of 60 percent, and the ability to successfully move laterally as high as 70 percent of the time. In most all cases, it seems organizations are continually implementing security controls, but not a cohesive defensive strategy—and in some cases, ignoring risks altogether.
The Playbook’s findings represent anonymized data executed within real production environments, including on-premise and cloud deployments in up to 100 networks. This edition includes existing Hacker's Playbook findings report data and new data from deployments between January 2017 and November 2017 and reflects which attacks are blocked, which are successful, and key trends and findings based on actual security controller effectiveness. The major new findings include:
“The more things change, the more they stay the same is a truism that unfortunately typifies far too many an enterprise security posture,” said Itzik Kotler, SafeBreach co-founder and CTO. “While the multitude of attacker tools and options—and the continuous drumbeat of compromise in the news—can be overwhelming, it doesn’t have to be an admission of defeat. With the understanding that we provide breach methods and scenarios across the entire kill chain and how it applies to each organization uniquely, organizations can significantly reduce risk without breaking the bank. In this latest round of research, one customer reduced attack success on the order of 60 to 70 percent without a single dollar of investment, and in just three weeks.”
The Hacker’s Playbook of breach methods has grown to more than 3,400 breach methods from older attacks like Zeus and CryptoLocker to recent ones like WannaCry, Loki2 and RedLeaves. The methods are combined in a multitude of attack scenarios specific to each organization’s risk and security profile to allow an unparalleled view, and highly accurate and actionable assessment of attack risks—in addition to validating the efficacy of deployed security technologies.
Subscribe to our newsletter for all the latest updates and special offers.
Click Here To view archive additions