Companies spend a lot of money and time testing their security defenses (or at least they should). Sometimes they hire a set of consultants called a “red team” to attack (in a safe way) their systems and see where vulnerabilities are. Today, Randori, a Boston-based security startup, introduced Randori Attack Platform, which effectively packages the Red Team concept as a service.
The company emerged last fall with a tool called Randori Recon, which helps find vulnerabilities in your network. As co-founder and CEO Brian Hazzard put it, the first product enabled customers to see their environment through the lens of an attacker.
The next logical step is today’s announcement around Randori Attack Platform. “This enables them to launch real attacks, real exploits against their production assets with real attack tooling to find out what really matters and what doesn’t,” Hazzard told TechCrunch. What Randori Attack essentially does is give customers a safe adversary to play with, what he calls “a legitimate sparring partner to ultimately touch and strengthen their defenses.”
CTO and co-founder David Wolpoff used to run a consulting firm that ran Red Team attacks for clients. He says while this was a reasonable approach at the time, it took a tremendous number of people and tooling to pull off, and that meant it was expensive. The idea behind Randori Attack is to provide that kind of safe battleground for companies to test their defenses, but to package it in a way that puts it in reach of many more companies than the consulting approach.
“We’re still capturing human innovations, and we’re still letting our customers control authorization. We’re still building professional-grade tools that aren’t intended to harm, but are intended to progress the attacker environment. And so you can have this sparring experience where you can also benefit from the economic economies of scale of our platform,” Wolpoff explained.
The economies of scale come into play because as Randori learns about different attack techniques, it can build these into the platform and everyone who uses the platform will benefit. “If we encounter something new in one customer environment that gets flagged by our research team, then they can develop a new technique and quickly automate that in a way that the new attack or vulnerability is leveraged against all of our customers,” he said.
Randori Attack is available starting today.