START YOUR JOURNEY
Welcome to the SafeBreach onboarding journey!
Here you will learn about Breach and Attack Simulation (BAS) basics and about SafeBreach platform principles. We will walk you through the process of setting up the SafeBreach platform, beginning with deploying and installing simulators in your network. We are here to make this process as smooth as possible.
We recommend that you complete these steps in advance so you can get the most out of our kickoff call.
This section’s objectives are:
- Allow simulator files to run by adding them to the Allowlist
- Configure impersonated users with representative privileges
- Configure your security control and other integrations
- Conduct a “kickoff call” with your customer success manager
Step 1 – Allowlist Simulators
To allow SafeBreach’s simulators to run in your network, we recommend applying the following required exclusions.
Some EPPs (Endpoint Protection Platforms), like Windows Defender, might treat our simulator processes as a threat and block them from running.
Step 2 – Impersonated Users
Users have different sets of privileges and permissions. We simulate operations as these users to make sure the system allows each user to perform only the operations they are permitted to perform.
To make this happen, you’ll first need to define each type of user. SafeBreach will use those impersonated user roles while running tests.
Just go to Administration > Attack Setup > Impersonated Users to define each type of user. You can also use our CLI (Command-Line Interface) or API (Application Programming Interface) to define them.
Step 3 – Integrations
Are you ready to level up your SafeBreach experience? We’ve got great news! Our platform supports a growing number of third-party integrations to make your life easier and your security stronger! There are five different types of integrations, each with a unique purpose.
Check out the video below to learn about one of them, and get ready to integrate like a pro!
Step 4 – SIEM
With SafeBreach’s SIEM (Security Information and Event Management) integration, you can join forces with your security devices to take down the bad guys. When a simulation is triggered, SIEM integration can help you figure out if your devices detected it and even provide details on the events. It’s like having a personal sidekick to help you prioritize and take down the threats that matter most.
Take a look at this example of SafeBreach integrated with Splunk for a better understanding of how SIEM integration can benefit your organization.
Step 5 – Advanced Actions
SafeBreach simulations are like ghost pranks – they don’t leave any trace! However, some of our simulations are so realistic that they may interact with the environment in ways that generate a bit of impact. No need to worry though, we’ve got you covered!
Check out our advanced actions configuration and learn how to handle these realistic simulations like a pro!
Step 6 – Alert Communication
SafeBreach identifies and prioritizes risks to help inform which issues to handle first.
The prioritization process is based on simulations that may themselves generate events and alerts. This guide helps security engineers distinguish between alerts from actual threats and alerts from simulated threats, so that real incidents can be handled by priority.
Learn about the events matching process:
KICKOFF CALL
The next step is the kickoff call. In this introductory call, SafeBreach will define the KPIs and the success criteria and start developing a business plan with you. By the end of this call, SafeBreach will schedule future meetings and start the official onboarding phase!
To prepare for this meeting:
- Send the meeting invitation to the relevant team leads
- Write notes and questions to ask SafeBreach’s sales engineers during the call
Quiz time
Congratulations!
You have finished the first part.
Proceed to the next part – Deploying Simulators