SafeBreach Boosts Microsoft Defender for Endpoint Evaluation Lab Capabilities by Adding Support for New Advanced Attacks

SUNNYVALE, Calif., July 14, 2021 /PRNewswire/ — SafeBreach today announced the addition of new advanced attacks to the Microsoft Defender for Endpoint evaluation lab, providing seamless access to SafeBreach’s market-leading continuous security validation platform to allow users to test their environment and device configurations. This empowers security teams to test the efficacy of their endpoint solution instantly and accurately against top-of-mind threats, now including the FIN7 threat group (using Carbanak malware) as well as the SolarWinds software compromise.


The evaluation lab in Microsoft Defender for Endpoint makes it easy for organizations to build and run proofs of concept (PoCs) in virtual environments using real software and networking scenarios in a safe and controlled environment. These built-in SafeBreach attacks markedly improve the capabilities of the lab; they enable PoCs to clearly demonstrate the effectiveness of various Microsoft Defender for Endpoint configurations and empower security teams to closely observe and review prevention, detection, and remediation features in action. These attacks and the reports they generate cover the full span of a real attack along the entire kill chain.

The new Carbanak+FIN7 advanced attack allows users to replicate local host infection and malicious behavior performed by the threat group FIN7 using the Carbanak malware. The new Solorigate advanced attack allows security teams to replicate attacks on the SolarWinds® Orion Platform using the Sunburst malware.

“These are two of the more serious attacks facing security teams in recent memory. Validating that existing controls are tuned to stop these exploits is critical to driving down cyber risk and minimizing chances of data breach and exfiltration of sensitive data,” says Itzik Kotler, CTO and Co-Founder of SafeBreach. “The ability to continuously validate controls and use that capability as a means of addressing the most critical risks is no longer optional. Customers and prospects can now visit the evaluation lab in Microsoft Defender for Endpoint to ensure they stay ahead of the opposition, even against these newer and more advanced attack types.”

Security teams using the evaluation lab do not need to make any code or configuration changes to run the new and existing SafeBreach attacks. Testers can simply select from one of the available scenarios in their evaluation lab control panel, immediately run the tests, and then receive the results for further validation and analysis.

“The addition of SafeBreach’s Carbanak+FIN7 and Solorigate attack simulations to our evaluation lab enables customers to test and improve their security posture against some of the most challenging threats facing companies today,” said Rob Lefferts, Corporate Vice President, Microsoft 365 Security. “Cyber-security is a team sport and partners like SafeBreach are critical to our efforts to continuously improve the ability of security teams to validate and optimize the efficacy of Microsoft Defender for Endpoint.”

With the addition of the two new attacks, SafeBreach allows security teams to validate their endpoint solutions against the following advanced attacks:

  • Carbanak+FIN7 – attacks for local host infection and malicious behavior
  • Solorigate – attacks for SolarWinds® Orion® Platform compromise using Sunburst malware
  • APT29 (CozyBear) – attacks for local host infection and malicious behavior
  • Credential threat – techniques such as dumping passwords and authentication tokens
  • OS configuration changes – modifying the operating system configuration to enable malicious activity
  • Code execution – techniques to verify whether it is possible to enable malicious activity
  • Ransomware infection – known attacks including WannaCry, JAFF, Locky, NotPetya, and others

About SafeBreach

SafeBreach is the world’s most widely used continuous security validation platform in large and global scale enterprises. The patented SafeBreach platform empowers CISOs and their teams to validate security controls, maximize their effectiveness, and drive down risk. SafeBreach provides a “hacker’s view” of an enterprise’s security posture by continuously validating security controls. The platform presents findings in customized dashboards, enabling stakeholders to focus on the biggest risks to the organization. SafeBreach automatically and safely executes thousands of attack methods to validate network, endpoint, cloud, container and email security controls against its Hacker’s Playbook™, the world’s largest collection of attack data broken down by methods, tactics and threat actors. Data from SafeBreach validations can improve SOC team responses and empower management teams to make smarter decisions to better manage risk and invest resources. Headquartered in Sunnyvale, California, the company is funded by Sequoia Capital, Deutsche Telekom Capital Partners, OCV Partners, DNX Ventures, Hewlett Packard Pathfinder, PayPal and investor Shlomo Kramer. For more information, visit or follow us on LinkedIn.

Media Contact: Corinna Krueger, VP of Marketing at SafeBreach, 5102193634, [email protected]


SOURCE SafeBreach
