OVERVIEW
This course will guide you through the installation and implementation of SafeBreach. By following the outlined steps, you’ll successfully set up the platform either in your own environment to deliver MSSP services or directly within your client’s network. By the end of this course, you’ll be fully prepared to run attack simulations and scenarios independently for your clients.
In this course, you will:
- Explore various deployment options to fit your clients’ needs
- Create a deployment that accurately represents an organization’s network
- Install simulators on both Windows and Linux machines
- Set up initial integrations and configure the system to align with your clients’ requirements
Lesson 1 – Deployment Options
SafeBreach offers two deployment options – on-premises and cloud (SaaS).

Lesson 2 – On-Premises Deployment
If you are deploying the system on-prem, watch the next video. If not, skip to lesson 3 – Collector Deployment.

Lesson 3 – Collector Deployment
Collectors are required whenever the management console cannot directly connect to security control tools. They aggregate data and simplify communication by encrypting and tunneling all traffic through a single SSL connection to and from the management console, eliminating the need to open multiple ports. However, collectors are not needed for security controls with cloud-based APIs that the management console can directly access. This video will guide you through the collector deployment process.

Lesson 4 – Simulator Installation
Simulators act as sensors within your system, designed to simulate attacks and defenses during various scenarios. They provide detailed insights into vulnerabilities and potential breaches. To maximize their effectiveness, it is crucial to deploy the simulators in positions that accurately represent your network. In this video, you’ll learn the proper method for deploying simulators to ensure optimal performance:

The simulator installation process is quick and straightforward, guided by an intuitive install wizard. Discover how to install the simulators seamlessly on both Windows and Linux machines:
Simulator Installation – Windows

Simulator Installation – Linux

Lesson 5 – Allowlist Simulators
The simulators may be detected as malicious by the security controls, so you need to set some files as exceptions in your security controls. This video explains how to do that:

Lesson 6 – Simulator Roles
Simulators can serve various roles within the deployment. To ensure your clients receive the maximum value, it’s crucial to assign the appropriate roles to each simulator. Watch this video to learn how to configure simulator roles effectively.

Lesson 7 – Data Assets Configuration
The next step in configuring the simulators is assigning data assets to the simulators in their representative locations. During attack scenarios, these data assets will be targeted in simulated attempts to “steal” them. Watch the video to learn more about data assets and how to configure them.

Lesson 8 – Proxy Configuration
If a client’s network uses proxy servers, watch the next video to learn about proxy configuration. If not, you can skip to the next video.

Lesson 9 – Critical Service Assignment
The final step in configuring the simulators is assigning critical services. Identify and mark the simulators that represent the most vital segments of your organization. An accurate mapping of these critical segments ensures more precise and actionable reports.

At this point, you should have all your simulators installed and configured. The last step of the implementation is general configurations. Move on to the next lesson:
Lesson 10 – Integrations
Your system is now ready to run breach and attack simulations. However, integrating it with your existing systems and security controls is essential to complete the feedback loop. This enables you to access accurate and actionable data on both detections and preventions.
SafeBreach supports seamless integrations with various third-party vendors to enhance your security ecosystem.

Integration types:
- Automatically correlate simulated attacks with security events from multiple sources. Integrations include Arcsight Logger, Azure Sentinel, Firepower, Google Chronicle, LogRhythm, Netwitness Platform, QRadar, Splunk, and more.
- Automatically correlate simulated attacks with security events pulled from the specific endpoints and network controls. Integrations include Carbon Black Defense, Cisco AMP, Cisco Secure Email, Cisco Umbrella, Cortex XDR, CrowdStrike Falcon, Cybereason, Cylance Protect and Optics, FireEye HX, BigQuery, McAfee ePO, Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Palo Alto Panorama, SentinelOne, Tanium Threat Response, and more.
- Prioritize vulnerabilities by exploitability and impact based on SafeBreach simulations. Integrations include Tenable Nessus, Qualys, Rapid7 Nexpose, Tenable.io, Tenable.sc, and more.
- Simulate attacks generated from IOCs of the latest threats. Integrations include Alienvault OTX, ThreatConnect, ThreatQ, Unit42, VirusTotal, and more.
- Receive notifications about system events and create incidents for automated remediation actions. Integrations include Email Notifications, Jira Service Desk, Cortex XSOAR, ServiceNow, Slack, Splunk Phantom, Syslog CEF (outbound), and more.
For detailed, step-by-step guidance on integrating with specific vendors, visit the integrations section in our video library.
Lesson 11 – Impersonated Users
Configure impersonated users for your simulators. This will allow you to test all your users’ privileges in simulated attacks.

Lesson 12 – SSO Configuration
If you want to allow users to sign in to the SafeBreach platform via SSO (SAML or LDAP), watch this video to learn how. If not, skip to the next video.

Lesson 13 – Email Attack Configuration
Set up an email server to simulate email attacks. Email server configuration will enable many email attacks in the Playbook.

Lesson 14 – Cloud Configuration
Integrate SafeBreach with AWS or Azure to enable cloud attacks.

Lesson 15 – Advanced Actions
SafeBreach provides many actions that simulate attacks more realistically, like loading real malicious files to your system’s memory. Watch this video to learn how to safely enable them:

Congratulations!
You have finished the Post-Sales Deployment/Implementation course.
Click “Proceed” to begin the certification exam and submit your request for certification.