GUARDICORE’S OPEN SOURCE SELF-PROPAGATING SECURITY TESTING TOOL

By Ofri Ziv, VP Research, GuardiCore

Chaos engineering is a rising concept in software engineering built around simulating extreme conditions and observing how the system performs. There is growing interest in the cybersecurity community in applying these same principles, the idea being to bring “controlled chaos” into network security. By constantly simulating breaches into random parts of your network (public cloud, private cloud, or any mix thereof), you can test how well your security controls work, all the time. Practitioners should assess the resiliency of their private and public cloud environments to post-breach attacks and lateral movement, and ultimately be better prepared to defend critical organizational assets.

Through continuous simulation of breaches into random parts of a customer’s network, the customer can test how well their security controls work at any time. The Infection Monkey, developed by GuardiCore Labs, provides detailed information about the specific vulnerability exploited and the effect vulnerable segments may have on the entire network. This actionable information gives security organizations the insights they need to make informed decisions and enforce tighter security policies.

We recently announced a new version of our Infection Monkey, an autonomous, self-propagating testing tool designed to assess the resiliency of private and public cloud environments to post-breach attacks. Infection Monkey v1.5 now includes support for the AWS, Azure and Google Cloud Platform environments, and has expanded support for Debian Linux and Windows MSI, enabling broader security assessments across hybrid cloud and data center environments. The v1.5 release also adds support for Docker containers used by developers to build software applications.

Infection Monkey v1.5 highlights:

  • New user interface design: The Infection Monkey UI has been completely redesigned, enabling fast deployment and easier, continuous use.
  • Evaluating your security posture in 3 easy steps: Launch the Monkey from any given machine, let it simulate an attacker, then act on its findings and recommendations.
  • Visual map display: The Infection Monkey features a dramatically improved Infection Map that visualizes lateral movement inside the network with details of successful and unsuccessful attack attempts, all from the Monkey’s eyes.
  • New exploits: The Monkey detects SambaCry and Elasticsearch vulnerabilities and attacks on Windows machines using the pass-the-hash hacking technique.
  • Security report: We now provide an elaborate security report at the end of every Monkey session. The report features immediate threats, security issues and actionable recommendations on how to resolve them.
  • Expanded platform support: This release adds support for Docker containers plus AWS, Azure and Google Cloud Platform environments, and has expanded support for Debian Linux and Windows MSI.

Infection Monkey availability and support
The Infection Monkey is free to download, and its source code is available from the GitHub repository. For questions, suggestions and guidance we encourage you to join the Infection Monkey Google Group.

About the Author
Ofri Ziv, VP of Research at GuardiCore, is the head of GuardiCore Labs, which conducts ongoing research to discover new cyber threats and help strengthen the security community. Ofri is a veteran of the Israel Defense Forces (IDF) Intelligence Corps, where he led groups of security researchers and was in charge of the IDF’s elite cyber security training program. Ofri holds an MSc in Computer Science from Tel Aviv University. He is the author of several papers and has over 10 years of cybersecurity research experience. Ofri can be reached online at ofri@guardicore.com or @OfriZiv, and at our company website http://www.guardicore.com/