The EITS Attack Simulation takes some pretty advanced concepts from penetration testing, automates them, and makes it easy to deploy in any customer environment. What is interesting is it’s not quite a penetration test. So, let’s talk a little bit about what penetration testing is. A penetration test is where an ethical hacker tries to maneuver throughout the customer network, exploit various vulnerabilities, elevate access, and essentially steal all the information they can. This is not a full pen test because you cannot automate a pen test; it is just impossible. The EITS Attack Simulation does an excellent job of automating as many penetration test aspects as possible based on several real-world malicious actor campaigns.
Many different cyber gangs operate and through ransomware or other methods, cyber-attack organizations make or, more accurately, steal money. The common term in cyber lingo is APT (Advanced Persistent Threat). Another common acronym is TTP (Tactics, Techniques and Procedures). That is how the organization goes about attacking and maintaining control of the things they’ve hacked and how they stay hidden. It’s how they elevate access, steal, and exfiltrate your information. All of this is the TTP. Why does that matter? The EITS Attack Simulation takes all those decently well-known tactics and techniques and automates them so that you can run a simulated attack on your environment. You can simulate what these gangs would do if they were to get a foothold in your organization.