SafeBreach Brings Risk Metrics to Attack Simulation Platform

SafeBreach's latest platform update provides enhanced email security simulations to help organizations identify and remediate potential risks.

SafeBreach Breach Simulation Dashboard

SafeBreach announced on Aug. 20 that it is expanding its breach and attack simulation platform with enhanced attack simulations and new board-level risk metrics.

The SafeBreach Q3 summer release provides new email and ransomware attack simulations that can help organizations test cyber-resilience. Among the enhancements in the ransomware feature is the ability to simulate the impact of file encryption on an organization.

"The SafeBreach email simulations now enable security teams to validate the efficacy of email security controls," Guy Bejerano, SafeBreach CEO and co-founder, told eWEEK. "Malicious emails are a key infiltration phase of many of today's attacks, which is driving investment in secure email gateways and other controls."

SafeBreach is in the business of enabling organizations to experience the impact of a breach safely to test controls and incident response processes. The company's platform first became generally available in January 2016 and has steadily been improved ever since. On May 8, the company announced $15 million in new funding to help advance its technologies.

As part of the new email security capability, SafeBreach simulates malicious emails to see if, for example, malicious attachments are stripped, or emails are blocked entirely, before making it to user inboxes.


While the SafeBreach platform had previously included ransomware simulation capabilities, those have been extended in the update.

"We also extended ransomware simulations to file encryption, meaning that we create directories of files and simulate a ransomware that encrypts these," Bejerano said. "It’s really the last mile of ransomware and allows us to see how well behavioral-based endpoint security controls perform." 

SafeBreach simulates attacker behavior, he said. So for ransomware, the platform includes initial infection across multiple vectors including web, email, endpoint infection/installation, lateral spread and file locking. 

"This is consistent with the goal of Breach and Attack Simulation, which is to simulate the adversary to validate defensive tools, teams and processes," he said.


A key part of the SafeBreach update is the inclusion of what the company refers to as board-level risk metrics. Those metrics aim to help executive management understand and gauge the current cyber-security posture for the organization. Among the metrics included is an understanding of how security controls are able to perform against US-CERT alerts. 

Bejerano said the metrics also look to help management understand how well critical assets and data are protected and how they are vulnerable to attack. In addition, SafeBreach provides a general security risk score for organizations based on how many simulated attacks are successful across the kill chain and methodologies like the MITRE ATT&CK Framework.


Simulating a breach provides an organization with a wealth of data on what is potentially at risk. Going a step further, SafeBreach now has an integration with security orchestration vendor Demisto to help organizations remediate identified issues.

Bejerano said the Demisto integration enables SafeBreach to send simulation findings directly to Demisto for automated remediation. 

"Within Demisto, security teams define an automated workflow logic of security actions that automatically remediate issues that SafeBreach finds," he said. "For example, if SafeBreach identifies malware that is able to bypass an existing security control like IPS, Demisto can orchestrate the appropriate configuration changes to the IPS to address this."

Sean Michael Kerner is a senior editor at eWEEK and Follow him on Twitter @TechJournalist.

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.