Have you ever wondered, do my Security Controls really work?
If you implement security controls and cling to the idea that your network is secure just because you have them, without really verifying them, if you don’t have the budget for a penetration test, and if you want to avoid seeing the following message…
You are in the right place! Continue reading…
What is Infection Monkey?
Infection Monkey is an open source breach and attack simulation (BAS) tool that assesses the security of environments. It was developed by Guardicore.
What does Infection Monkey offer?
- Automatic Attack Simulation: Simply install the agent on a random machine and automatically discover its security risks.
- Continuous and Secure Assessments: Run Infection Monkey around the clock to identify new security risks and validate existing security controls as your environment changes. Non-intrusive, with no impact on your network.
- Actionable Recommendations: Infection Monkey’s assessment produces a detailed report with remediation tips, including a visual map of your network from the attacker’s point of view to better understand your network.
When to use it?
- Environment update or change of applications: This allows you to ensure you are not leaving windows open for attackers and validate security controls.
- Ongoing Security Validation: Helps ensure that your security controls are in place, properly configured and capable of detecting and blocking a real-world attack.
Does this mean that Infection Monkey is a Vulnerability scanner?
Absolutely NOT.
Infection Monkey works in the same way as a real attacker would, starting from a random location in the network and propagating from there, while looking for all possible paths of exploitation.
How does it work?
Infection Monkey uses a client-server architecture. The main server, known as Island Server, receives, processes and graphs all the information sent by the Infection Monkey agent. The agent performs the network scanning, vulnerability identification, vulnerability exploitation, lateral movement, persistence and simulated information exfiltration.
Report
Infection Monkey generates 3 types of reports:
- Technical Report: details everything executed by the agent during the automated penetration test.
- Zero Trust Report: follows the ZTX (Zero Trust eXtended) framework, providing all the information relevant to this framework and the respective remediation to reduce and/or eliminate the exploited vulnerability.
- ATT&CK Report: ATT&CK stands for Adversarial Tactics, Techniques and Common Knowledge. The Monkey rates your network on the attack techniques it tried. For each technique, you can obtain:
  - Red: the Monkey successfully used the technique in the simulation. This means that your network is vulnerable to this technique.
  - Yellow: the Monkey tried to use the technique, but failed. That means that your network is not vulnerable to the way the Monkey employs this technique.
Conclusion
- It’s not just a matter of installing security controls, it’s about validating that they actually work.
- Breach and Attack Simulation (BAS) helps us test our security systems the way an attacker would.
- Test the security of your environment before a cybercriminal does.
Do you have any advice? If so, feel free to let us know below in the comments.