Whether that be your email gateway, EDR, or even the response times from your third-party vendors, we understand teams lack bandwidth, that every dollar counts, and the stakes have never been higher in proving your organization is going above and beyond compliance to keeping operations safeguarded.
Here are some of the new projects we’ve been working on, including Ransomware Defense Validation and highlights that have set OnDefend and our in-house breach and attack simulation tool BlindSPOT apart from the rest.
Are your security controls actually working? OnDefend analyzed security control failures across critical tools security teams rely on daily. The results:
Read: Understanding the Root Causes of These Failures
Did you miss our recent webinar with Baptist Health CISO James Case and OnDefend CEO Chris Freedman? Inspired by real conversations between healthcare leaders, Ransomware Defense Validation (RDV) was built as a proactive solution tailored to identifying those security control failures.
In this webinar, you’ll:
Learn how a leading U.S.-based healthcare system enhanced its ransomware resilience by validating security controls, ensuring vendor accountability, and strengthening defenses to protect critical patient data and care continuity.
“Ransomware Defense Validation plays a crucial role in building a robust, resilient, and trustworthy healthcare organization. You can’t eliminate all risk, but you can reduce it to safeguard patients and their sensitive data while maintaining their trust so we can focus on what matters most: patient care.” – Healthcare Chief Information Security Officer (CISO)
One of the great joys in building anything is seeing the things that once existed only on a whiteboard work in the real world. I’m always amazed at how the development and tradecraft team can take a whisper of an idea and then be ready to demo it a short time later. Demo day for new features is always amazing, and one of my favorite things about writing this newsletter is that I get to share this great work with all of you.
BlindSPOT, our breach & attack simulation tool is completely written in house by our development team. That gives us incredible flexibility to add new features, change an interface, or integrate with a new tool. But the best part is that we can add these based on your feedback. If you’ve got a thought on something that would help you make BlindSPOT even more useful, we’re happy to hear it!
We previously shared the ability to upload security tool logs at the campaign level. This is a great way to save time without having to go through the full API integration with a security tool.
This feature lets you export activity (in whatever the standard format for the tool is) and upload it to BlindSPOT.
BlindSPOT will then match that information with the campaign and automatically score your campaign for you. And now, we’ve introduced that at the project level too.
Let BlindSPOT handle scoring the entire project through file uploads.
Upload Security Tool Logs
You’ll see a list of all of the tools you have configured in your BlindSPOT tenant:
BlindSPOT Tenant
The BlindSPOT agent (or implant) is the only part of the BlindSPOT platform that must be deployed onto the system in order to execute activity on it. We’ve released a brand-new version of our implant in beta mode for you to test.
Among other things, it generates a smaller payload, improved detection evasion techniques, and runs without a front-end UI for improved execution in non-interactive modes. Try it on your next workshop.
BlindSPOT Agent- Implant
We’ve long had the ability for BlindSPOT simulations to attempt to exfiltrate data and download content from the Internet. But facilitating those actions either meant using public sources (out of our control – never a good idea) or having to stage the necessary services on the Internet to handle file hosting or uploads. We’ve been hard at work designing a way to make this easier.
The result is something we are calling Satellite – a specialized app that you can host on any Windows or Linux server and instantly be prepared to test exfiltrating files or downloading content as part of your simulations.
Best of all, you are in complete control of the execution of the Satellite – it runs on systems under your control and when you want it. It allows us to quickly move to new IP addresses and domains that have never interacted with your organization before, to see how your tools would handle that type of activity. Oh, and it will also act as a C2 relay, so your implants don’t have to phone home directly to the BlindSPOT server. Currently released in limited beta testing, we expect to have this out to all BlindSPOT customers soon.
With extensive experience in cybersecurity, intelligence, and incident response, Carly will play a pivotal role in enhancing OnDefend’s threat intelligence capabilities and program development.
Previous Leadership Roles:
Meet Carly
Thank you for taking the time to read our updates. We are committed as an organization to continue pushing boundaries within the world of innovation. OnDefend & BlindSPOT are the products of that. If you would like to learn more or have any suggested recommendations, please reach out: Contact Us.
OnDefend welcomes Carly Sherrod as Director of Threat Intelligence & Programs. Learn about her cybersecurity career, incident response expertise, and career highlights.
Read
Prepare your organization for ransomware attacks with these 5 critical steps to strengthen security, protect assets, and improve resilience.
Read
Secure Email Gateways (SEGs) are supposed to stop phishing and ransomware, but attackers still find ways through. Learn why SEGs fail, how misconfigurations leave gaps, and why continuous testing is the key to better email security.
Read