Booz Allen Launches SnapAttack Cloud-Based Purple Teaming Platform

Booz Allen Hamilton announced today the availability of SnapAttack, a cloud-based software solution that brings together actionable threat intelligence and hacker detection.

By unifying the security lifecycle into a single solution, SnapAttack enables red and blue teams to work together, emulating attacks from intelligence data, sharing insights of malicious behavior, and developing vendor-agnostic behavioral detection analytics to stop advanced adversaries.

Today’s red and blue teams use multiple, siloed products for key functions like threat intelligence, incident detection and response, breach and attack simulation, and continuous monitoring, causing them to struggle to keep up with the latest threats and attack methods. Compounding the issue, cybersecurity analysts experience alert fatigue from the high volume of alerts they receive, many of which are false positives. In fact, 93 percent of organizations reportedly receive more than 5,000 alerts per day, but on average, security teams only investigate 51 percent of these alerts.

As a cloud-based software solution, SnapAttack is always up to date. New attack techniques and analytics are regularly pushed to subscribers, but advanced teams can harness the full power of the platform to create their own attack techniques and analytics based on internal threat intelligence.

With SnapAttack, security teams can:

• Centralize Offensive Tradecraft: Capture and organize the latest adversary tradecraft—from their own internal threat data or Booz Allen’s attack database. This helps security teams gain confidence in their organization's ability to prepare for, prevent, and detect emerging threats. Today, there are more than 1,000 attacks catalogued in the SnapAttack database.
• Improve Detection with Existing Tools: Use Booz Allen’s advanced analytic builder to create, test, and deploy behavioral analytics for their existing security tools. Reduce the time and skill level needed to create new detection logic that has higher confidence and lower false positives, and is more robust to attack variants.
• Measure and Reduce Risk: Validate their security controls—such as antivirus, endpoint detection and response, and custom security information and event management (SIEM) alerts—against true positive attacks, mapped to the industry standard MITRE ATT&CK framework. Track detection coverage and gaps, and gain quantifiable evidence of a program’s effectiveness.

“SnapAttack addresses the needs of CISOs and SOC leads to deploy proactive, preventive security measures that continuously test cyber defenses to get ahead of attacks by identifying and addressing potential vulnerabilities and control gaps before the adversary can,” said Brad Medairy, a Booz Allen Executive Vice President and leader of the firm’s cybersecurity and engineering business. “This tool is a culmination of years of offensive and defensive cyber operations experience – consistently defeating advanced persistent threats.”

Designed to improve the detection of malicious behavior at the endpoint, SnapAttack supports the top endpoint detection and response (EDR) vendors in the marketplace.