
ThreatSim was created by Stratum Security, an information security services firm headquartered in the Washington, DC metro area. We eat, breathe, and drink security. Stratum’s core business is performing security assessments: application security, penetration testing, mobile software assessments, and security program and compliance reviews. While each of these offerings has matured industry-wide, we noticed that there was a gap in the market for a scalable, feature-rich, end-to-end spear phishing and advanced attack assessment service. Everyone performs security assessments, yet major breaches are still occurring.
If you examine recent high-profile security breaches, a commonality exists between each of them:
- Spear Phishing – attacks that use targeted email messages to trick users into clicking on malicious file attachments or URLs
- Data Exfiltration – the covert transfer of data from within an organization to an external server that the attacker controls
- Vulnerable Browsers & Plugins – outdated software (Internet Explorer, Firefox, Safari, etc.) and third-party plugins (Flash, Java, etc.) enable attackers to compromise victims who simply visit a malicious website
- Weak Egress Controls – permissive network security controls that allow data to be exfiltrated out of the network undetected
These attacks represent a blind spot in traditional network security assessments.
We also noticed that user awareness training cannot solve these challenges. While an important component of an information security program, user awareness training alone, regardless of its maturity, cannot completely address the threat posed by advanced attackers. In response to these common themes, customer demand, and real-world observations, Stratum developed a Security-as-a-Service (SaaS) solution that allows our clients to simulate advanced attacks against their people, processes, and technology in a controlled, repeatable, and cost-effective manner.
This solution is ThreatSim.

MACH37™ is America’s premier market-centric cybersecurity accelerator. The Accelerator is designed to facilitate the creation of the next generation of cybersecurity product companies. MACH37™’s unique program design places heavy emphasis on the validation of product ideas and the development of relationships that produce an initial customer base and investment capital. MACH37™ is located at the Center for Innovative Technology. The Accelerator is operated by the MACH37™ partners. Mach 37 refers to “escape velocity,” the minimum velocity needed to escape earth’s gravitational field. We felt that this was an apt term for our accelerator, because newly launched technology companies must push past forces that inherently prevent their growth.
Founded in 1997, Guidance Software is recognized globally as the world leader in e-discovery and other digital investigations. Our EnCase® software solutions provide the foundation for corporate, government and law enforcement organizations to conduct thorough and effective computer investigations of any kind, including intellectual property theft, incident response, compliance auditing and responding to e-discovery requests, all while maintaining the forensic integrity of the data. We also offer customized services in e-discovery, incident response, computer forensics, evidence presentation and trial testimony, using a team of former law enforcement professionals, e-discovery and litigation support experts, information assurance specialists and project managers who have front-line, hands-on experience in all areas of digital investigations. Guidance Software trains more than 6,000 corporate, law enforcement and government professionals annually in the areas of computer forensics, enterprise forensics, e-discovery, and computer incident response. Courses and materials are offered in a variety of languages in Guidance Software facilities worldwide, through partners and online. Our customers are corporations and government agencies in a wide variety of industries, such as financial and insurance, technology, defense, energy, pharmaceutical, manufacturing and retail. There are more than 40,000 licenses of EnCase® technology worldwide. The EnCase Enterprise platform is used by more than half of the Fortune 100, including Allstate, Chevron, Ford, General Electric, Honeywell, Northrop Grumman, Pfizer, UnitedHealth Group and Viacom.
Imperva, pioneering the third pillar of enterprise security, fills the gaps in endpoint and network security by directly protecting high-value applications and data assets in physical and virtual data centers. With an integrated security platform built specifically for modern threats, Imperva data center security provides the visibility and control needed to neutralize attack, theft, and fraud from inside and outside the organization, mitigate risk, and streamline compliance. Over 3,000 customers in more than 75 countries rely on our SecureSphere® platform to safeguard their business. Imperva is headquartered in Redwood Shores, California.
Resilience Technology Corporation is a leading developer and manufacturer of cyber security tools, engineering and making purpose-built hardware for best-of-breed network security applications. Founded in 1995 as a manufacturer of security appliances designed specifically to host 