FireEye Puts Security Programs To The Test With Simulated Attacks

FireEye’s attack simulation scenarios are created based on analysis from the latest data breaches as well as the most current intelligence regarding relevant threat groups.


FireEye debuted two new services that enable businesses to quantifiably test their security controls and programs using simulated attack scenarios from its recent Verodin acquisition.

The Milpitas, Calif.-based platform security vendor said its new Purple Team Assessments and Continuous Purple Team Assessments combine the best offensive and defensive security practices to help companies quantifiably test and measure their security effectiveness and improve their overall risk posture.

“Most organizations do not test the efficacy of their security controls and program thoroughly or often enough,” FireEye Mandiant consulting CTO Charles Carmakal said in a statement. “Without validation, security teams may base decisions on assumptions rather than evidence, which can instill false confidence in their ability to detect and respond to a security breach.”

Purple team assessments are a collaborative effort among the red teams – which simulate attacks – and the blue teams – which defend against attacks, the company said. FireEye Mandiant personnel function as the red team and augment a customer’s blue team, according to FireEye.

Mandiant experts guide a company’s security team through highly-realistic attack scenarios during Purple Team Assessments, the company said. The attack scenarios are created within the FireEye Verodin Security Instrumentation Platform (SIP) based on analysis from the latest data breaches as well as the most current intelligence regarding relevant threat groups, according to FireEye.

FireEye acquired McLean, Va.-based cybersecurity startup Verodin for $254.4 million in May to help find security effectiveness gaps stemming from equipment misconfiguration, evolving attacker tactics, or changes in the IT environment. The deal sought to help clients measure and test security environments against known and newly-discovered threats to identify risks in security controls before a breach occurs.

As a result of the Verodin transaction, FireEye said Mandiant can now more easily emulate the tools, tactics, and procedures (TTP) of hundreds of attackers. As the assessment progresses, FireEye said the customer receives a detailed scorecard that identifies where security operations are thriving, areas for improvement, and strategic recommendations to bolster the security posture.

Continuous Purple Team Assessments, meanwhile, allow customer security teams to train and enhance their detection and response capabilities over a three-to-six-month period as Mandiant personnel use the Verodin platform to emulate attacker tools, tactics, and procedures. The client’s security team will engage in periodic re-testing and evaluation during the exercise to measure their capabilities.

Mandiant personnel will track the progression of the security team’s detection and response capabilities throughout the engagement and provide scorecards that measure the team’s effectiveness, FireEye said. The practice is intended both to assess the impact of ongoing changes to a company’s security program and to demonstrate the return on investment from an organization’s security spending.

“By integrating the Verodin platform with frontline threat intelligence, we are able to quantify organizations’ security effectiveness in a new and comprehensive way,” Carmakal said. “Purple Team Assessments are just the beginning of how we plan to integrate Verodin into our wider services portfolio.”

BAI worked with Verodin prior to its acquisition by FireEye and was impressed by its ability to continuously test and ensure security remains intact as customers change their policies or roll out new services, according to Managing Partner Ryan Morris.

Verodin’s technology makes it possible for the Annapolis, Md.-based solution provider both to legitimately assess over time how secure a customer’s security posture is and to ensure that gaps are quickly addressed when they do open up, Morris said.

Verodin is very effective at following up and ensuring the vendors and channel partners actually facilitate the security outcomes that customers need, Morris said. And the Purple Team Assessments will allow security consultants, architects, and resellers to go back to enterprise customers with concrete evidence on what they should do next rather than trying to guess what their most serious problems are.

“This is awesome,” Morris said. “I’m a real big fan of this.”