ThreatSim was created by Stratum Security, an information security services firm headquartered in the Washington, DC metro area. We eat, breathe, and drink security. Stratum’s core business is performing security assessments: application security, penetration testing, mobile software assessments, and security program and compliance reviews. While each of these offerings has matured industry-wide, we noticed that there was a gap in the market for a scalable, feature-rich, end-to-end spear phishing and advanced attack assessment service. Everyone performs security assessments, yet major breaches are still occurring.
If you examine recent high-profile security breaches, the same elements appear in each of them:
- Spear Phishing – attacks that use targeted email messages to trick users into clicking on malicious file attachments or URLs
- Data Exfiltration – the covert transfer of data from within an organization to an external server that the attacker controls
- Vulnerable Browsers & Plugins – outdated software (Internet Explorer, Firefox, Safari, etc.) and third-party plugins (Flash, Java, etc.) enable attackers to compromise victims who simply visit a malicious website
- Weak Egress Controls – permissive network security controls that allow data to be exfiltrated out of the network undetected
These attacks represent a blind spot in traditional network security assessments.
We also noticed that user awareness training cannot solve these challenges. While it is an important component of an information security program, user awareness training alone, regardless of its maturity, cannot completely address the threat posed by advanced attackers. In response to these common themes, customer demand, and real-world observations, Stratum developed a Security-as-a-Service (SaaS) solution that allows our clients to simulate advanced attacks against their people, processes, and technology in a controlled, repeatable, and cost-effective manner.
This solution is ThreatSim.