System Deployment

OVERVIEW

This course will lead you through the installation and implementation of SafeBreach in your organization’s network. Follow the steps and install the platform. By the end of this course, you can start using the product and run attack simulations and scenarios by yourself.

In this course, you will learn :

The different deployment options
To create a representative deployment of your organization’s network
To install simulators on Windows and Linux machines
To set up initial integrations and to configure the system for your needs

Lesson 1 – Deployment Options

SafeBreach offers two deployment options – On-premise and cloud (SaaS). If you are deploying in cloud, you can skip the next video. If not, watch the video to understand the on-premise method :

Lesson 2 – On Premises Deployement

If you will are deploying the system on-prem, watch the next video. If not, skip to lesson 4 – Simulators installation.

After you have deployed your management server, you may need to deploy a collector that will gather the information from your security controls and transfer them through one port to the management service. With an on-premise deployment, you will probably use a collector to aggregate data from the security controls and transfer them to the management service.

Lesson 3 – Collectors Deployement

This video will guide you in the collector`s deployment process:

Now, you should have the SafeBreach management service up and running. You can move on to the next lesson and deploy the simulators.

Lesson 4 – Simulators Installation

The simulators will be deployed in your system and will be used as sensors. They will attack and defend your systems during the scenarios, and provide details about vulnerabilities and breaches. The simulators deployment should represent your network, and their deployment position is important for the effectiveness of the service. This video will demonstrate the correct way to deploy them :

The installation process of the simulators is easy and done via the wizard. Learn how to install the simulators in Windows and Linux machines :

Simulator Installation – Windows

Simulator Installation – Linux

Lesson 5 – Allowlist Simulators

The simulators may be detected as malicious by the security controls, so there is a need to set some files as exceptions to your security controls. This video will explain how to do that :

Lesson 6 – Simulator Roles

Simulators can play different roles. To receive the maximum value from your deployment, you will need to assign the correct roles the the correct simulators. Watch this video and learn how to set rules to the simulators:

Lesson 7 – Data Assets Configuration

The next step in configuring the simulators is assigning data assets to the simulators in the representative locations. The attack scenarios will simulate trying to “steal” the data assets during tests. Watch the video to learn about data assets:

Lesson 8 – Proxy Configuration

If your organization is using proxy servers, watch the next video to learn about proxy configuration. If not, you can skip to the next video.

Lesson 9 – Critical Service Assignment

The last step in the configuration of the simulators is critical service assignments. Mark the simulators that represent the critical segments of your organization. An accurate map of your critical segments will lead to accurate reports.

At this point, you should have all your simulators installed and configured. The last step of the implementation is general configurations. Move on to the next lesson:

Lesson 10 – Initial Intergrations

Your system is ready for running tests. Now you should integrate it to your existing systems and security controls, to complete the circle and receive accurate data about detections and preventions from your security controls. This video will explain about the process of integrations:

At this point, go and integrate your security controls with SafeBreach. You can have a look at the video library and look for integration tutorials of specific vendors.

Lesson 11 – Impersonated Users

Configure impersonated users for your simulators. This will allow you to test all your users’ privileges in simulated attacks.

Lesson 12 – SSO Configuration

If you want to allow users to sign in to the SafeBreach platform via SSO (SAML or LDAP), watch this video to learn how. If not, skip to the next video.

Lesson 13 – Email Attack Configuration

Set up an email server to simulate email attacks. Email server configuration will enable many email attacks in the Playbook.

Lesson 14 – Cloud Configuration

Integrate SafeBreach to AWS or Azure to enable cloud attacks.

Lesson 15 – Advanced Actions

SafeBreach provides many actions that simulate attacks more realistically, like loading real malicious files to your system’s memory. Watch this video to learn how to safely enable them:

Quiz time

1 / 3

Why is it important to whitelist the simulator files?

They might seem "threatening" by some EPPs

They can take too many computing resources

They can be exploited by the user

2 / 3

Why should we configure impersonated users?

In order to manipulate the system status

In order to test attacks and run commands with different privileges

In order to use more computing resources

In order to gain access to all the product features

3 / 3

Which integration is the most important?

Vulnerability Management integration - helps to define the systems status

EDR integration - helps us with the threat mitigation

SIEM integration - allows us to collect data and determine attack results

Your score is

Congratulations !

You have finished the system deployment course. Proceed to the next course – attack course

Proceed

15

16

Advanced

04:15h

English

Table of Contents