Threatcare is a service that allows you to test the effectiveness of security controls without the need for live malware or performing an actual, potentially disruptive, intrusion. What kinds of simulations can be performed with Threatcare?
At Threatcare we allow enterprises to measure their ability to detect, defend, and log intrusions. Our simulations create intrusion artifacts via DNS, HTTPS, HTTP, SMTP, and several other protocols. Threatcare does data exfiltration, lateral movement, egress scan, and inbound executable via email, to name a few. Threatcare does all these simulations without harmful malware to allow organizations to test their security solutions prior to, during, and after deployments.
Tanium was recently in the news for using live customer data to demo their product. Can Threatcare be used to test the effectiveness of host-based and network-based security products?
Threatcare creates both network and host-based artifacts to test tools such as Tanium. Tanium and their competitors can use Threatcare simulations to show how their solutions work. In Tanium’s case, they could look for hashes of files that we transfer to endpoints. That’s always a nice capability to have, and this can be used in incident response to discover the scope of intrusions.