In July 2012, Bit9, now VMware Carbon Black, was breached by a nation-state attacker targeting multiple customers. Anyone who has lived through a breach will share with you — it’s miserable. During the response process, we found a number of process and technology failures that led to the breach. Prevention controls weren’t deployed in the right spots and we didn’t know all of our internet-facing systems. While hindsight provides clarity, it is easy to miss these issues in practice.
Once we fixed the known issues, we made a significant investment and hired David Wolpoff (aka Moose) and his red team to come after our systems on a continual basis over a long-term engagement. Referred to us by some notable defense contractors, we knew Moose was the real deal. His objective was the same as the adversary — infiltrate our build server, our source code, or our domain controller.
Every time Moose and his team came at us, we got better. For example, we quickly learned that our attack surface appeared different to Moose than it did to those of us defending it, so we used that insight to improve our strategy. We also learned that the products we thought we had deployed in the right spots, configured in the right way, and backed by a team trained to use them were not as effective as we believed when under attack. By partnering with Moose and his team, we gained a trusted adversary that could help us improve, and the results were significant: we regained control over our attack surface and over time built a security program that was highly resilient in the face of a compromise.
Coming off of this experience, Moose and I joined forces to bring this continuous red team experience to every security team in the world in a way that organizations could afford. The result — the Randori Attack Platform.
Until today, the industry lacked a trusted adversary capable of mirroring attackers in a ongoing and cost-effective way. With the Randori Attack Platform, organizations can now continuously assess and improve their real-world security posture, just like we were able to do at Carbon Black.
Over the past two years, we have invested millions in developing patent-pending technology that automates the techniques used by Moose and his team to penetrate some of the world’s largest and most secure organizations. With this breakthrough, Randori can uniquely deliver a continuous red team experience at scale to organizations, at a fraction of the cost.
Combining hacker logic with automated surveillance, exploitation, and attack tooling in a highly scalable platform — the Randori Attack Platform performs everything from reconnaissance to exfiltration. Unlike a simulation, which replays historical attacks inside artificial boundaries, Randori provides customers the ability to safely launch real-world attacks against their production assets.
For the past year, we’ve been working with dozens of leading organizations to make their security programs resilient in the face of compromise. John Shaffer, CIO at Greenhill, shares his experience with Randori in this video clip below. It’s truly humbling that we’ve been able to work with dynamic leaders like John to drive change and improve security in so many organizations.
Now that we’ve officially launched the platform, I look forward to partnering with many more of you to bring the same experience to your organization.
— Brian