New security platform uses live attacks to evaluate risk
One of the hardest things for security teams to do is accurately evaluate the level of risk that their organization is facing.
Cyber security firm Nehemiah Security is launching the latest version of its AtomicEye RQ (Risk Quantifier) platform that can calculate a system's exploitability and generate comprehensive risk reports.
It works by deploying live attacks on a simulation of a real network. It's thus able to assess a network's resiliency to being attacked by any combination of hundreds of thousands of exploits, and provide actionable intelligence that prioritizes what actions to take to make it more secure.
"When designing armor, you have to anticipate the entire array of weapons your adversary is likely to use against you. Then the only way to assess effectiveness is to actually use the weapons against the armor and calculate the damage," says Jason Syversen, CEO of Nehemiah Security's innovation lab. "This is precisely the thinking behind AtomicEye RQ's continuous-and automated-attack methodology. The advancements being made to AtomicEye RQ are just getting started, and the platform is already solving critical cyber security risk challenges within banks, healthcare facilities and manufacturers around the world."
AtomicEye RQ first discovers every device connected to the network, regardless of the protocol it uses, to address vulnerabilities by scanning the entire IT environment. It then inventories hardware, software and patches for every device, including logging their configurations, policies, and security settings.
Once the discovery is complete AtomicEye RQ uses it to build an emulation of the network, and launch attack experiments. These attacks leverage a vast library of real exploits harvested from the wild and the front-lines of cyber security over the last 10 years. By using real attacks against an emulation of a real network threats can be accurately assessed.
Finally the software generates technical and financial risk reports, allowing organizations to prioritize their security risks according to their potential business impacts.
You can find out more about AtomicEye RQ on the Nehemiah website.