Nehemiah Security, supplier of cybersecurity software and services to enterprise and government organizations, today announced major upgrades to the EQ (Exploit Quantifier) platform. EQ tests the effectiveness of an organization’s endpoint configuration against malware and other attacks by leveraging cyberwarfare tools to characterize, model and predict attack outcomes in a customized, virtual environment. This configurable framework establishes scalable and repeatable testing to generate high-fidelity cyberattack intelligence. Security teams leverage this automated functionality to perform what-if scenarios, train security personnel, and strengthen their defensive posture.
Security leaders today must understand the strengths and weaknesses of their cyber defenses, yet, most continue to rely on manual processes to configure and execute testing of their defenses. These methods are time consuming, do not scale, lack comprehensive metrics, and leave organizations without sufficient resources to optimize their security posture. EQ makes it possible to measure the effectiveness of cyber defense operations more powerfully than ever before. Experiments are conducted launching live malware into a virtualized environment modeling the organization’s IT assets. From these experiments, empirical data is collected, providing insights into which attacks were successful and why. Correlations are drawn to promote changes to improve the security of a network’s configuration. The result is both an acceleration and a multiplication of the content that comes from these experiments.
“As adversaries and threats become more sophisticated, it becomes harder for companies to know if they are prepared for new kinds of attacks that have never been seen before,” said Dave Hooks, Chief Technical Officer, Nehemiah Security. “EQ offers organizations a sophisticated solution for eliminating the guessing and knowing with proven, mathematical certainty what their risks are and how their assets will stand up to attacks.”
Following Nehemiah’s acquisition of Siege Technologies in 2016, the company absorbed a suite of elite offensive and defensive capabilities developed to support some of the largest and most security sensitive organizations in the world. Nehemiah recognized that when designing network protections, companies must understand what weapons their adversaries are using to predict whether the network will withstand an attack. With this philosophy in mind, EQ has evolved from one of these offensive capabilities into a major component of Nehemiah’s risk quantification software suite.
Building on its legacy of simulating how a network would stand up to a wide range of real-world exploits, new upgrades to EQ produce a measurement that can assess the effectiveness of existing cyber defenses in place. Implementing EQ gives companies the best possible perspective on how to improve their defenses and network configuration by modeling the endpoint response to cyber attacks, experimentally validating their defenses against offensive intelligence. More information about EQ can be found here.