Emulation Vectors

  1. Network: tests in-path network security controls such as firewalls and IDS/IPS.

  2. Endpoint: tests endpoint security products such as anti-malware and Endpoint Detection and Response (EDR). This vector includes the previous one (Network security).

  3. Execution: actually executes the samples on the endpoint. This vector includes the two previous ones (Network security and EPP) and is the default.

Network Vector Validation

In this vector, we send actual malware through an unencrypted channel, outside any VPN or tunnel, so that every inline control on the path sees the sample in the clear rather than as an opaque encrypted stream. As the malware crosses your security elements, it tests the efficacy of your security solutions.

Whether they are firewalls, IDS, IPS, NDR, or other products, their performance is measured by how well they identify, prevent, and alert on the real threat. The platform does not depend on integrations with those products: the verdict is based on what actually gets through, which gives a genuine assessment of your security posture.

Endpoint Vector Validation

For this validation, we deploy the EVE agent on a virtual machine (recommended) that mirrors the configuration, policies, and integrations of the zone being evaluated. The agent creates a safe, isolated environment, blocking all communications so that nothing escapes. If the malware reaches the endpoint, the agent assesses the effectiveness of your endpoint security products, such as antivirus, EDR, XDR, or other solutions. The objective is to validate whether these products raise real alerts, quarantine the samples, and follow your company's protocols.
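The two checks above (does the sample arrive intact through the network path, and does the endpoint agent react once it lands on disk) can be modelled with a small harness. The code below is an added example, not part of the original page or of the EVE platform; it assumes an inert byte string as the "sample", the Python standard-library HTTP server on loopback as the cleartext delivery channel, and approximates "quarantined" as "the dropped file disappeared or its hash changed within a grace period". All of those are assumptions for illustration; a real sample belongs only inside the isolated environment the page describes.

```python
"""Added example (not the page's or EVE's code): network-vector transfer check
plus endpoint-vector quarantine check, run over plaintext HTTP on loopback."""
import hashlib
import http.client
import os
import tempfile
import threading
import time
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Optional, Tuple

# Constructed, inert stand-in for a malware sample (assumption: any bytes work here).
SAMPLE = b"INERT-SAMPLE-BYTES-FOR-TRANSFER-CHECK\n" * 16
SAMPLE_SHA256 = hashlib.sha256(SAMPLE).hexdigest()


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class _SampleHandler(BaseHTTPRequestHandler):
    """Serves SAMPLE at /sample.bin over plain HTTP (no TLS), 404 otherwise."""
    payload = SAMPLE

    def do_GET(self):
        if self.path != "/sample.bin":
            self.send_error(404)
            return
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.send_header("Content-Length", str(len(self.payload)))
        self.end_headers()
        self.wfile.write(self.payload)

    def log_message(self, *args):  # keep the harness quiet
        pass


def start_server(host: str = "127.0.0.1"):
    """Start the cleartext server on an ephemeral port; returns (server, port)."""
    srv = HTTPServer((host, 0), _SampleHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, srv.server_address[1]


def classify_transfer(expected_sha: str, received: Optional[bytes],
                      error: Optional[Exception] = None) -> str:
    """Map one transfer onto the three outcomes an inline control can produce:
    'blocked'   - nothing usable arrived (reset, refused, timeout, non-200);
    'modified'  - bytes arrived but differ from the sample (stripped payload,
                  block page served in its place);
    'delivered' - the sample arrived intact, so nothing on the path prevented it."""
    if received is None or error is not None:
        return "blocked"
    if sha256(received) != expected_sha:
        return "modified"
    return "delivered"


def fetch_sample(host: str, port: int, timeout: float = 5.0) -> Tuple[Optional[bytes], Optional[Exception]]:
    """Plain HTTP GET from the target side. Returns (bytes_or_None, error_or_None)."""
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", "/sample.bin")
        resp = conn.getresponse()
        data = resp.read()
        conn.close()
        return (data if resp.status == 200 else None), None
    except (OSError, http.client.HTTPException) as exc:  # reset/refused/timeout
        return None, exc


def quarantine_check(data: bytes, grace_seconds: float = 2.0) -> str:
    """Endpoint-vector check: drop the delivered bytes on disk and wait for the
    local anti-malware / EDR agent to act. Returns 'quarantined' if the file
    vanished or was altered within the grace period, else 'present'."""
    fd, path = tempfile.mkstemp(prefix="eve-sample-", suffix=".bin")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    expected = sha256(data)
    deadline = time.monotonic() + grace_seconds
    try:
        while time.monotonic() < deadline:
            if not os.path.exists(path):
                return "quarantined"
            with open(path, "rb") as fh:
                if sha256(fh.read()) != expected:
                    return "quarantined"
            time.sleep(0.2)
        return "present"
    finally:
        if os.path.exists(path):
            os.remove(path)


def run_check(grace_seconds: float = 0.5) -> dict:
    """Run both checks end to end over loopback and return the verdicts."""
    srv, port = start_server()
    try:
        data, err = fetch_sample("127.0.0.1", port)
    finally:
        srv.shutdown()
        srv.server_close()
    result = {"transfer": classify_transfer(SAMPLE_SHA256, data, err)}
    if result["transfer"] == "delivered":
        result["endpoint"] = quarantine_check(data, grace_seconds)
    return result


if __name__ == "__main__":
    print(run_check())
```

Over loopback with inert bytes the result is `{'transfer': 'delivered', 'endpoint': 'present'}`, which is the baseline a real run is compared against: placing the server and the client on opposite sides of the control under test turns "modified" or "blocked" into evidence that the network control prevented the sample, and "quarantined" into evidence that the endpoint agent reacted. Serving over plain HTTP is deliberate; an inline IDS/IPS without TLS decryption would see nothing if the same file travelled over HTTPS or through a VPN.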

Execution Vector Validation

In the final phase, we execute the malware to challenge the advanced endpoint agents that are claimed or believed to be working. This execution evaluates how effectively your security solutions identify and mitigate malicious samples. If the security products perform as expected and mitigate the threat, the endpoint remains uncompromised; if the malware persists and the security products fail, the endpoint is marked as compromised.

Our platform ensures a robust and secure environment for these assessments. With the capability to create snapshots, we can revert to a clean state and retry the emulation. This process allows your analysts, engineers, and incident response teams to validate their mitigation and response protocols effectively.

Our commitment to using real malware sets us apart from others, enabling us to deliver unparalleled validation of your cybersecurity defenses. Because event-based emulation carries no licensing restrictions, we can run simulations as many times as necessary to ensure your organization's utmost protection.
