Beyond the Breach: A SafeBreach Newsletter
For the CISO
The top-of-mind-topic for today’s cybersecurity leaders.
In an ever-evolving threat landscape, CISOs are under constant pressure to choose tools that actually improve their security posture. But with a million and one options on the market, how do you avoid getting caught up in the hype and get to what really matters? It begins with asking the right questions. You know not to just chase the latest trend—demand clear evidence of value. Does the tool provide any actionable insights? Will it integrate smoothly with your already-existing tech stack?
Before investing, security teams can leverage breach and attack simulation (BAS) to assess how well the solution works in your environment against real-world threats. Once you have made the decision to purchase, continuous validation ensures you’re not just adding a layer of defense, but an adaptable, dynamic solution that stays relevant even in the face of new attacks.
Don’t hesitate to be a skeptic. Ask for proof, question vendor claims, and be sure that there’s a strategy in place to continuously evaluate a given tool’s performance. Security isn’t static—and your investments shouldn’t be either. By taking a pragmatic approach, each of your investments will enhance your overall security and align with your long-term goals.
Leverage BAS to reduce tool sprawl, validate your controls, and evaluate new technologies.?
Learn more in The Skeptic’s Guide to Buying Security Tools.
Industry News
Threats, research, and events that are making headlines.
Resource Station: Choosing the best EDR Solution
Tools and topics to make your life a little easier.?
Endpoint Detection and Response (EDR) tools are crucial for protecting an organization’s endpoints, including computers, servers, and mobile devices. By simulating real-world attack scenarios, BAS can help you assess how well your EDR solutions detect, respond to, and mitigate threats in your specific environment.?
领英推荐
Did you know that you can also leverage BAS when choosing an EDR solution? Check out some resources below to see how SafeBreach customers have utilized the platform in vendor bake-offs.?
Fresh Findings
Keeping you updated on our latest research.
What’s going on with Windows Updates? SafeBreach researcher Alon Leviev was able to take over the Windows Update process to craft custom downgrades on critical OS components, elevate privileges, and bypass security features. Essentially, he was able to make the term “fully patched” meaningless on any Windows machine in the world.
Keep an eye on Google’s Quick Share, too. ?SafeBreach Research Team Lead Or Yair and Senior Security Researcher Shmuel Cohen discovered ten vulnerabilities in Google’s Quick Share data transfer utility, some of which they assembled into an innovative remote code execution (RCE) attack chain for Windows.
Afterword?
Tidbits from the SafeBreach team.
Remember when we were recognized in the Top 100 Most Inspiring Workplaces in North America? Well watch out world: we’ve made the global list. Alongside industry giants like SurveyMonkey, PepsiCo, and Mastercard, SafeBreach was named 11th on the 2024 Global Top 100 Inspiring Workplaces List based on efforts to develop a positive and inspiring people-first culture. Learn more in the press release
In other big news, we recently announced the expansion of our channel partner program: Elevate. This update is designed to align with strategic engagement and services-based models of global security systems integrators, value-added resellers (VARs) and professional services providers.
“As a SafeBreach partner for over five years, we have always appreciated their channel-first approach,” said Mark Thornberry, SVP Vendor Management, GuidePoint Security. “We believe the newly launched Elevate program will take our partnership to the next level, providing a well-defined process to grow our partnership, enhance our return on investment and, ultimately, drive more meaningful outcomes for our clients. Learn more in the press release.