Guardicore gives Zero Trust to Infection Monkey (Image Credit: Audronė Locaitytė on Unsplash)Guardicore has unveiled new Zero Trust assessment capabilities in Infection Monkey. The open-source breach and attack simulation (BAS) tool helps security teams identify vulnerabilities that would enable an attacker to move laterally through their environment. It has been integrated with the Scout Suite open-source multi-cloud security auditing tool. This integration allows Infection Monkey to scan AWS environments and use that data to deliver a Zero Trust Report.

Ofri Ziv, VP Research, Guardicore (Image Credit: LinkedIn)
Ofri Ziv, VP Research, Guardicore

Ofri Ziv, VP Research, Guardicore, said: “The accelerated adoption of cloud workloads has elevated the risk of data being exposed either by external threat actors, or by internal vulnerabilities such as poor access control and misconfigurations. Securing this sensitive information requires a shared model of responsibility, where organisations are enforcing Zero Trust frameworks on their cloud workloads.

“The new version of Infection Monkey is one of the first tools that allows Zero Trust assessment of public cloud workloads. Today, companies migrating to AWS environments can do so securely and confidently, using Infection Monkey to rapidly identify the hidden vulnerabilities before they’re exploited.” 

What is in this new release?

There are three new features in this latest release of Infection Monkey. They are:

  • Zero Trust Maturity Assessment in AWS: Uses its integration with Scout Suite to run Zero Trust assessments of AWS environments. The goal is to identify problems with the public cloud infrastructure and provide recommendations on hardening security.
  • Expanded MITRE ATT&CK Techniques: Adds four new MITRE ATT&CK techniques to the Infection Monkey simulations. These are:
    • Signed script proxy execution (T1216)
    • Account discovery (T1087)
    • Indicator removal on host: timestamp (T1099)
    • Clear command history (T1146)
  • Critical Exploit Assessment: This tests the infrastructure to see how resilient it is to remote code execution vulnerabilities. Guardicore has now added support to test for CVE-2020-1472 — Zerologon and CVE-2019-6340 — RCE in Drupal Core.

How does Infection Monkey Work?

Infection Monkey evaluates infrastructure in three steps:

  • Simulate: An organisation can choose a machine and simulate an infection using Infection Monkey.
  • Evaluate: Once the simulation has started, it will attempt to compromise the company network.
  • Remediate: Once the simulation is complete, a series of reports are prepared that give recommendations on what action to take to harden the network.

One of the challenges for organisations at the moment is the number of users working remotely. It has led to a significant increase in the use of cloud-based tools and data sharing. Running Infection Monkey on remote devices will quickly identify the risks that those devices pose to the organisation. This is not about singling out employees and their behaviour. It is about finding where infrastructure needs to be patched and updated.

Enterprise Times: What does this mean?

Attackers are getting smarter. They no longer attack a single machine and use its connections to steal data. Instead, they look for a foothold into the organisation and then move laterally to find the most valuable data. The complexity of modern IT environments makes it hard for IT security teams to lock down their entire infrastructure. Additionally, as they move to cloud-based environments, many lack the security tools to evaluate and test those systems properly.

What Guardicore is doing is providing open-source tools to help IT and security teams. Importantly, it is also linking to other best-of-breed open source tools such as the NCC Group’s Scout Suite. It means that organisations of all sizes can begin to use these tools to test and protect their environments.

Adding support for Zero Trust assessments is just the latest addition that Guardicore has made, and it is an important one. Zero Trust is being promoted as a solution to a problem when, in reality, it is much more complicated than that. Zero Trust is a security concept, not a product or solution. It relies on organisations taking many different steps to close the gaps where attackers can enter and live inside the infrastructure.

Adding a new Zero Trust assessment capability for AWS is a good move as it will allow organisations to test their cloud and on-premises environments. When will it add the same support for GCP, Azure and other cloud environments?


Please enter your comment!
Please enter your name here