Endpoint Security

Attack Vector

Cymulate’s Endpoint Security vector challenges your endpoint security controls and checks whether they are properly tuned to defend you against signature and behavior-based attacks.

Endpoints have become the target of choice for hackers. Users’ workstations within a network domain are also points of entry for attackers. That’s why organizations reinforce their endpoints with layers of protection such as antivirus, antispyware and behavioral detection solutions. They even deploy highly sophisticated deception systems to lead attackers away from the real endpoints and lure them to honeypots and traps.

However, as repeatedly witnessed in the headlines and based on the Cymulate Research Lab’s findings, security measures such as EDRs, EPPs and AVs still fall short and miss different types of worms, ransomware and Trojans, thus allowing access to cybercriminals, malicious hackers and rogue insiders.

One attack discovered last year involved a malicious Iranian-based attacker who launched a widespread spear phishing campaign targeting government and defense entities. The spear phishing emails carried malicious macro-based documents and relied on social engineering to enable Indirect Code Execution through INF (Setup Information) and SCT (Scitex) image files.

The malicious macro in the document dropped files, one of which was an SCT file. An SCT file does not sound malicious on its own, but this one contained a VBS script that can be executed from REGSVR32, so it was hidden and could bypass endpoint security solutions.

The main function performed by the SCT file was to Base64 decode the contents of the WindowsDefender.ini file and execute the decoded PowerShell. Once successfully executed, the POWERSTATS backdoor enabled the attackers to get a foothold within the organization to reach sensitive information.
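A detection sketch for the chain described above, added here as an example and not Cymulate's code or part of the original page: it flags REGSVR32 started with an .sct file on its command line and PowerShell started as its child. The event field names, the sample events and the assumption that PowerShell shows up as a child process of REGSVR32 are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
REGSVR32 = r"C:\Windows\System32\regsvr32.exe"

# Constructed process-creation events (not from a real incident). Field names
# are assumptions; map them to your EDR or process-creation log schema.
# Switches are elided on purpose: the rules key on the image and the .sct path.
EVENTS = [
    {"pid": 200, "ppid": 100, "image": REGSVR32,
     "cmdline": r"regsvr32.exe <switches> C:\ProgramData\sample.sct"},
    {"pid": 300, "ppid": 200, "image": PS,
     "cmdline": "powershell.exe <decoded script>"},
    {"pid": 400, "ppid": 100, "image": REGSVR32,
     "cmdline": r"regsvr32.exe /s C:\Windows\System32\example.dll"},
    {"pid": 500, "ppid": 100, "image": PS,
     "cmdline": "powershell.exe Get-Date"},
]

# A path ending in .sct, bare or quoted, anywhere on the command line.
SCT_ARG = re.compile(r"\.sct(?=$|[\s\"'])", re.IGNORECASE)


def image_name(path):
    """Lower-cased file name of a Windows image path."""
    return PureWindowsPath(path).name.lower()


def detect(events):
    """Return (rule, pid) alerts for the REGSVR32/.sct chain."""
    by_pid = {e["pid"]: e for e in events}  # real pipelines must handle PID reuse
    alerts = []
    for e in events:
        name = image_name(e["image"])
        parent = by_pid.get(e["ppid"])
        if name == "regsvr32.exe" and SCT_ARG.search(e["cmdline"]):
            alerts.append(("regsvr32_sct_argument", e["pid"]))
        elif (name == "powershell.exe" and parent is not None
              and image_name(parent["image"]) == "regsvr32.exe"):
            alerts.append(("powershell_child_of_regsvr32", e["pid"]))
    return alerts


if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        print(f"ALERT {rule} pid={pid}")
```

Legitimate DLL registration (pid 400) and ordinary PowerShell use (pid 500) stay quiet, which is the tuning property an endpoint control needs for this rule to be usable.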

Cymulate’s Endpoint Security vector allows organizations to deploy and run simulations of ransomware, Trojans, worms, and viruses on a dedicated endpoint in a controlled and safe manner. The attack simulation ascertains whether the security products are tuned properly and are actually protecting your organization’s critical assets against the latest attack methods. The comprehensive testing covers all aspects of endpoint security, including but not limited to: behavioral detection, virus detection, and known vulnerabilities.

The endpoint attack simulation offers immediate, actionable results, including Cymulate’s risk score, KPI metrics, remediation prioritization and technical and executive-level reporting.
