A year after its launch, cyber attack simulation platform SCYTHE has secured a $3 million investment. The investment was led by Ron Gula of Gula Tech Adventures, who will also join the SCYTHE board. SCYTHE is a software platform that allows organisations to build cyber security training that mimics real-world attack scenarios.
According to Gula: “SCYTHE is a technology every enterprise red team should have so they can prepare the blue team for engagements with cutting-edge offensive teams. The average dwell time of undetected compromises is currently measured in months and SCYTHE enables the red team to give the blue team something realistic to hunt.”
What is SCYTHE?
SCYTHE is a software platform that can be deployed inside an organisation to train staff on how to deal with a cyber attack. This allows for continuous training of staff rather than occasional visits to a cyber range. One of the advantages is that IT security teams can run through previous attacks. This gives them an opportunity to look at alternative solutions and create better response plans.
When asked about this, Bryson Bort, CEO at SCYTHE, told Enterprise Times that customers can: “set them up in the Threat Catalog with their defined characteristics and include their TTPs (techniques, tactics, and procedures) which will automatically run when you launch the campaign. The full reporting integrates into Splunk for analysis and an executive report summarizes activities and recommendations for remediation.”
Some organisations may not have much in the way of captured attack data. We asked Bort if SCYTHE came with a library of scenarios. He replied: “We took a different approach by defining the entire potential attack space instead of copying campaigns as they’re seen in the wild. This allows you to test campaign types before they have even been invented. SCYTHE has over two-dozen Communication and Capability Modules (more in development and customers can build their own with our SDK) which can be combined to create a large number of permutations for scenarios. Additionally, the Threat Catalog currently has a dozen pre-packaged scenarios ready for deployment.”
One of the problems with scenarios and exercises is that they rarely replicate a user’s environment. As this is a software platform, we were interested in how this would integrate with existing customer systems. Bort told us: “SCYTHE’s platform is not agent-based and is designed to be used in your production environment. We built in multiple safeguards and the customer is in complete control of the platform’s actions with real-time visibility and auditing. Our implants are designed to function like actual malware and can be deployed using a variety of both built-in and third party techniques for access and simulated exploitation.”
Widening the cyber security expertise
SCYTHE is likely to appeal to large organisations who are investing heavily in cyber security training. This is not just enterprise customers. There has been a significant increase in the number of organisations offering managed security services (MSS). While many of these have their own experienced teams that work with customers, there is still a need for training.
Some MSS providers have built their own cyber ranges. However, the software nature of SCYTHE and its ability to ingest data from existing environments will still appeal to these organisations. It will allow them to capture the various attacks that are spotted by Security Operation Centres (SOCs). There is room here for some of these organisations to build their own scenarios for SCYTHE and offer those to customers.
Another growth area has been in threat intelligence. Organisations are beginning to pull in information from various feeds although the quantity can be overwhelming. However, building training scenarios on new attacks will help companies to ensure the IT Security teams are as prepared as they can be. Bort told us that: “With SCYTHE’s campaign automation tool you can create complex threat scenarios in minutes which can be saved and repeatedly used. We are in the process of working with a number of industry leading threat intelligence providers towards automated threat importation.”
What does this mean?
Retaining skilled cyber security staff is no easy task today. The better they get, the more money and benefits competitors will offer in order to poach them. This creates a problem for many organisations. They want to use training as a benefit to persuade staff to stay. However, the cost of training courses and the risk of losing staff is a major inhibitor to sending staff on courses.
SCYTHE, unlike many other cyber range solutions, can be deployed into existing environments. It requires no specialist hardware and that will appeal to a lot of people worried about cost. Importantly, it can be fully integrated into existing systems so that cyber attack simulations become truly company focused. This will allow IT security teams, and everyone else involved in incident management, to tune their processes and response plans.
This is the first investment that SCYTHE has sought. It leaves open some questions. Will it be the last? Can it quickly become self-funding? Which of the big security vendors will look to invest and potentially acquire the platform as it evolves? Will we see SCYTHE create a cloud-based offering to deliver public training?