Randori's attack platform aims to automate the opposing security role of "Red Team" so that more companies can afford to constantly check their security.
Attack simulation and red teaming as a service have become a hot development area in recent years as companies continue to look for ways to better train their network defenders and find problems before attackers do. Randori, a company that combines red teaming skills and experience with security software, is launching a new platform today that tries to deliver the know-how of a well-funded security testing team as a cloud-based service, one that keeps a constant pulse on the defenses of its customers' companies.
Red teaming, the practice of actively researching and exploiting vulnerabilities in systems in order to find and fix security weaknesses, has long been the domain of high-priced security consultancies that perform hands-on-keyboard (and occasionally, for full penetration tests, hands-on-lockpick) engagements that most companies can't afford. Large companies and software firms whose business depends on keeping their systems secure usually have internal red teams. Smaller companies that need red teams, for example to obtain credit card compliance certification or to check the security of other financial systems, often rely on hit-and-run engagements with external specialists.
Other efforts have been made to streamline and automate components of red teaming so that it becomes a more regular part of corporate security programs. For example, Scythe, a company that emerged from security research firm Grimm, has focused on providing attack simulations as a service. It lets a company test the capabilities of its "blue team" defenders and users by executing modular "attacks" that mimic the techniques of well-known threat groups, while also creating a marketplace for security test modules. Other companies, such as Pwnie Express, have used passive and offensive security tools to check networks for potential attack methods.
Randori takes the red teaming mission a few steps further. Instead of simulating attacks based on known threats, Randori Attack carries out real, novel attacks based on emerging security gaps – similar to what a red team would do. The flagship service of Randori, which was founded by CEO Brian Hazzard (formerly of Carbon Black) and CTO David "Moose" Wolpoff (a veteran of the reverse engineering and red teaming department of security specialist Kyrus Tech), is the Attack Platform: a cloud-based system that, in combination with Randori's internet-based reconnaissance system, constantly discovers and exploits weaknesses in a customer company's systems, taking on the role that Hazzard describes as a "trusted opponent".
"Runbooks" are automated packages that contain tested attacks on certain vulnerabilities. Depending on the scope specified by the customer, they can go as far as necessary to identify a system vulnerability.
The inspiration for Randori came when Hazzard was vice president of product management at Bit9, the company that acquired the original Carbon Black in 2013 and later took its name. Bit9 was hit in 2012 by a nation-state cyber attack in which the attacker used the company's software reputation service and certificates to distribute malware to targeted customers. "After being hacked, we made a huge investment in cyber security," Hazzard told Ars, "but that was clearly not enough."
Hazzard's team had Wolpoff's company "come to us at the national level" to strengthen its defenses. "Elk followed us hard and we learned that two things were happening – we had a much better view of our target and we could better understand and protect our crown jewels – that was important for the business."
In 2018, Hazzard left Carbon Black, which was acquired by VMware (a transaction that closed in October 2019). "I knew I was going to start another company and knew that (the red teaming business) needed to be modernized," he said. Hazzard turned to Wolpoff again with the idea of bringing software-as-a-service scalability to the world of security testing. "We are trying to get the experience of the red team into the hands of every CISO," he said. "How do you set up defenses when you don't know how the attacker will approach you? The overall goal of Randori Attack is to be a SaaS platform that reflects the enemy and how they approach you."
Wolpoff explained that the SaaS model enables higher investment in research and attack development than the traditional economics of the red teaming business allow – "the same level of investment as a state actor". Instead of creating custom tools for each job, Randori researchers and developers can create a "runbook" for each emerging vulnerability and then convert it into an automated set of software that can be delivered through Kubernetes instances or other cloud-based computing resources to mimic what a real attack would look like for their customers.
Randori's intelligence system and the attack platform work together to continuously seek, discover and exploit vulnerabilities in customer networks from outside. This enables CISOs to dynamically control the scope of the tests as soon as new vulnerabilities are discovered. The entire service can be managed through a web console with a dashboard that informs security teams of Attack's latest findings.
Greenhill & Co., a New York-based independent investment bank, is one of Randori's first clients and an example of the type of company Randori is targeting for its product – a company with approximately 500 employees in an industry that requires strong security, but without the resources for an internal red team. "Red team engagements are the gold standard in security testing, but they're too expensive to be done frequently," said John Shaffer, CIO of Greenhill, in a statement from Randori. "Randori's automated methodology closes the gap and gives me the opportunity to work continuously. Test my tools, employees and processes based on real scenarios. In the past year, Randori has significantly improved my visibility in our security stack and has been an agent that has changed our internal security culture."