advanced modules
VERODIN SIP CAN BE EASILY EXTENDED TO SUPPORT ADVANCED USE CASES

Advanced Environmental
Drift Analysis (aeda)

Continuous test execution is not enough to detect environmental drift. A complete analysis of test results compared to a known-good baseline is needed. Customers need to know more than if a threat is still being blocked or not. They need a full analysis of what it takes for defenses to be successful:

Visibility  >  Prevention  >  Detection  >  Event Flow  >  Alerting

Automated and continuous analysis of this Effectiveness Validation Process (EVP) compared to the known-good baseline across a customer's business zones is exactly what AEDA does. Think of AEDA as a "team of engineers in a box," constantly analyzing the environment for drift and proactively bringing it to your attention before it is too late.

protected
theater

One challenge defenders face is that IT typically owns and controls endpoint images. This results in defenders not being able to easily answer questions like, "Is our endpoint security tool configured to block ransomware 123?" Verodin SIP's Protected Theater module enables defenders to quickly test their IT images with real malware to determine what threats their endpoint controls will and will not block. Protected Theater is not required for testing endpoint controls, but it offers the ability to safely perform potentially dangerous and destructive tests on customers' endpoint defenses.

email
theater

Verodin SIP's Email Theater enables the validation and tuning of email security tools, such as Proofpoint, Symantec, Mimecast and Ironport. It leverages a dedicated email account to send threats, like malware and spearphishing links, into the enterprise and send sensitive information, like PII and PCI data, out of the enterprise. Email Theater supports Office 365, Microsoft Exchange and other standard email platforms.

CLOUD
THEATER

Verodin SIP's Cloud Theater module is a Verodin-hosted, external Actor. It provides quick and easy access to an external Actor that can be used for ingress and egress tests like malware download, C2 traffic and data exfiltration. There is no requirement to use Cloud Theater — some organizations choose to host their own external Actors, while others use a mix of Cloud Theater and their own hosted Actors.

advanced modules faq

Is the Protected Theater module required to test endpoint controls?

No. Verodin SIP’s Actor software can be installed on any production host to test endpoint controls without needing the Protected Theater module. Any Endpoint Actor can test “non-destructive” behaviors, which include things like privilege escalation from mimikatz, data exfiltration and much of the content derived from the MITRE ATT&CK framework. Only potentially destructive use cases require Protected Theater.

What is the use case for the Protected Theater module?

SOCs have a basic challenge of being ultimately responsible for defense, but needing to rely on the broader IT team for many tasks. This challenge often impacts the SOC’s visibility into how endpoint defenses are ultimately configured. As executives ask questions like, “Will we block ransomware 123 or attack XYZ?”, analysts are not always sure how the endpoint defenses are configured and if they are even up-to-date.

The Protected Theater enables SOCs to quickly test their endpoint defensive gold images against REAL malware to determine if the defenses are configured to detect and block the threat at the endpoint. Protected Theater enables analysts to quickly answer questions about what will and what will not be blocked on endpoints.

What is the difference between AEDA and Continuous Validation?

The primary difference is that “continuous” simply implies that an action can be run over and over again – whether this is manually or on a schedule. There is nothing intelligent about “continuous”.

What customers want is to understand if the environment has changed and broken their defenses. Customers want to continuously compare to a known-good baseline and intelligently understand if something has changed in controls visibility, prevention configuration, detection events generated, event flow and configuration and, ultimately, if an alert will fire at the event’s final destination.

Verodin SIP’s Advanced Environment Drift Analysis (AEDA) module is like a "team of engineers in a box", continuously comparing your control environment against your known-good baseline and alerting if any aspect of the Effectiveness Validation Process breaks down. AEDA is critical in combating environmental drift.

Can Email Theater test Office 365?

Yes. Any email system supporting POP3 or IMAP for receiving and SMTP for sending can leverage Verodin SIP’s Email Theater module. SSL and/or TLS are both supported for sending or receiving.

business need
Controls EffectivenessOptimize and RationalizeEnvironmental Drift DetectionUnderstanding Risk
technology
Security Instrumentation Platform (SIP)Advanced ModulesOperationalizing SIP
company
About UsNewsroomEventsPartnersJoin the TeamResourcesBlog
Global Headquarters
8200 Greensboro Dr., Suite 1400
McLean, VA 22102, USA

©2018 Verodin Inc. All Rights Reserved
Questions? Ask us anything.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
1-571-418-8684
Contact
request a meeting
request meeting
business need
Controls EffectivenessOptimize and RationalizeEnvironmental Drift DetectionCyber Risk
technology
Security Instrumentation PlatformAdvanced ModulesControls Auto DiscoveryOpen Content LibraryOperationalizing SIP
company
about usNewsroomEventsPartnersJoin the teamresourcesblog
Questions? Ask us anything.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
1-571-418-8684
Contact
request a demo
© 2018, Verodin, Inc. All Rights Reserved.
made in virginia
Privacy
contact
call us
support
demo
Business Need
technology
company
resources
blog
return
Controls Effectiveness

It is critical that businesses have evidence that the controls protecting their critical assets are effective and remain so.

Optimize & Rationalize

Leverage instrumentation to optimize existing controls and rationalize true gaps and overlap so that you can rest easy from a position of knowledge.

Environmental Drift Detection

Automated and continuous analysis of customer business zones for drift is necessary for proactively surfacing risks.

Understanding Risk

Organizations need to answer specific risk questions and make evidence-based decisions without assumptions.

return
Security Instrumentation Platform (SIP)

SIP instruments customer IT environments to test the effectiveness of network, endpoint, email and cloud controls.

Advanced Modules

Verodin SIP can be extended to support advanced use cases. Learn more about Verodin Advanced Environmental Drift Analysis (AEDA), Protected Theater, Email Theater, and Cloud Theater.

SIP Operationalization

Verodin SIP is foundational to all aspects of cybersecurity across people, process, and technology. Execute evidence-based, assumption free security in day-to-day processes.

return
About Verodin

We're not your average cybersecurity firm. Learn more about us and our mission.

Events

Register now to come meet us at an upcoming security industry event near you.

Partners

Verodin has a diverse, global customer base and is backed by world-class investors.

Join the Team

We're looking for motivated team players who are ready to pioneer the future of security instrumentation.

Newsroom

The latest industry news and Verodin mentions in the media.

return
Resource Center

Interviews, helpful documents, webinars, podcasts, community buzz.

Podcast

Join host Brian Contos and security experts from around the globe on the Verodin Cybersecurity Effectiveness Podcast.

Speaking Bureau

Schedule a free, in-person talk for your team with differing levels of sophistication to meet your needs.

Verodin Blog

Check out our latest in-house content regarding the latest and most relevant trends in cybersecurity.

return
Verodin Blog

Check out our latest in-house content regarding the latest and most relevant trends in cybersecurity.

categories
Security Highlights
Office of the CISO
Verodin Culture
Product Tutorials
Guest Bloggers
Behavior Research Team (BRT)
1-571-418-8684
Contact
Support