AWS Partner Network (APN) Blog
Evaluate Network Security with GuardiCore’s Infection Monkey—a Breach and Attack Simulation Tool
By Claudine Morales, Partner Solutions Architect at AWS
Security is a critical aspect of any network infrastructure, and ensuring that proper security measures are in place calls for robust security testing mechanisms.
In a modern network, this entails implementing security test automation that matches the pace of change and innovation in a dynamic environment. This may mean going beyond quarterly penetration tests and deploying a continuous security testing solution that lets you evaluate network security after every change.
GuardiCore, an AWS Partner Network (APN) Advanced Technology Partner, offers a number of network security solutions, including the Centra Security Platform, which enables you to gain visibility into east-west traffic, implement micro-segmentation access policy management, and enact real-time breach detection and response.
Recently, GuardiCore released Infection Monkey, an open source Breach and Attack Simulation (BAS) tool that regularly tests and evaluates the effectiveness of your network security configurations during post-breach attacks.
About Infection Monkey
With Infection Monkey, you can simulate a breach by “infecting” any random server within your cloud or on-premises infrastructure with a “Monkey.” The Infection Monkey then runs around your network, using various methods to enter propagation paths, and attacks each point of vulnerability it discovers.
This is an implementation of “chaos engineering,” a testing methodology in which failure conditions are simulated and injected into a system in order to expose and address the system’s weaknesses before they become a problem in production. By letting an Infection Monkey simulate breaches and attack random parts of your network, you can test your security controls in a “controlled chaos” experiment.
You can track the Infection Monkey’s actions in the “Monkey Island,” a Command and Control (C&C) server that generates a visualization of all the Infection Monkey’s progress within your network. You are presented with a comprehensive report that details the Infection Monkey’s attack flows and any immediate threats and potential security issues it detects. This report provides actionable recommendations for each of your servers to help you improve your network security configurations.
You can start using Infection Monkey in just three easy steps.
Step 1 – Launch
Choose any machine in your Amazon Web Services (AWS) environment and infect it with an Infection Monkey. In the Infection Monkey console, specify the operating system of the machine as well as the communication interface of your choice. Afterwards, on the machine you are infecting, enter the command provided in the console’s instructions to run the Infection Monkey.
The configurations page allows you to execute different attack scenarios, such as stolen credentials, a compromised internal server, or an external attacker.
Figure 1 – Run the Infection Monkey from any machine in your environment.
Step 2 – Attack
Watch the Infection Monkey attack your environment. Working from the attack configuration you set, the Infection Monkey penetrates your environment as a real attacker would. It attacks all potential victims, identifies propagation paths, and moves further through your network using these paths.
The Infection Map in Figure 2 illustrates all of the Infection Monkey’s movements within your network and indicates whether an attack was successful or unsuccessful.
Figure 2 – Keep track of progress as you watch the Infection Monkey generate a map of your network from the attacker’s point of view.
Step 3 – Assess
Use the report to improve your network security. The Infection Monkey generates a report detailing its attack flows and any immediate threats and potential security issues detected within your network. This report also provides practical recommendations you can follow to improve your network security posture.
For example, as shown in Figure 3, the report lists out servers the Infection Monkey was able to scan and successfully breach, as well as credentials it stole and their sources.
Figure 3 – The Infection Monkey generates a report detailing its findings.
Finally, Figure 4 illustrates some of the recommendations included in the report that can help you address the vulnerabilities listed.
Figure 4 – The Infection Monkey report provides recommendations for you to improve your network security.
Next Steps
Infection Monkey lets you continuously test the resilience of your network security at no additional cost, so that you don’t have to settle for less frequent penetration tests.
There are many ways to try Infection Monkey in your AWS environment. You can deploy a new image, download it as a precompiled binary, or download the source code from GitHub.
GuardiCore – APN Partner Spotlight
GuardiCore is an APN Advanced Technology Partner. They are focused on delivering more accurate and effective ways to stop advanced threats through real-time breach detection and response. GuardiCore offers a number of network security solutions including Centra Security Platform and Infection Monkey.