Organizations spend a lot of money and time testing (or at least should) testing their security measures. Sometimes they hire a group of consultants called the "red team" to attack their systems and determine where security holes are safe. Randori, a Boston-based security startup, today launched the Randori Attack Platform, which effectively packages the Red Team concept as a service.
The company was created last fall with a tool called Randori Recon, which you can use to find vulnerabilities in your network. With the first product, said Brian Hazzard, co-founder and CEO, customers could see their surroundings through the lens of an attacker.
The next logical step is to announce Randori today Attack platform. "This allows them to launch real attacks, real exploits against their production resources with real attack tools to find out what matters and what doesn't," Hazzard told TechCrunch. What Randori Attack essentially does is to offer customers a safe opponent to play with. He calls this "a legitimate sparring partner who ultimately touches and strengthens their defenses".
CTO and co-founder David Wolpoff previously ran a consulting firm that launched Red Team attacks on clients. He says this was a sensible approach at the time, but an enormous number of people and tools were required to tear it down, which meant it was expensive. The idea behind Randori Attack is to provide this type of secure battlefield for companies to test their defenses, but to package it in a way that makes it accessible to a lot more companies than the consulting approach.
"We are still capturing human innovations and let our customers continue to control authorization. We are still building professional tools that do no harm but are designed to improve the attacker's environment. So you can have this sparring experience where you are can benefit from the economic economies of scale of our platform, ”explained Wolpoff.
The economies of scale play a role because Randori learns different attack techniques and can incorporate them into the platform. Anyone who uses the platform will benefit from it. "When we encounter something new in a customer environment that is reported by our research team, they can develop a new technique and quickly automate it so that the new attack or vulnerability can be used effectively against all of our customers," he said.
Randori Attack is available today.