Skiddiemonkeys: Fling "stuff" at your Defenses and See What Sticks

No ratings

Presented at BSidesNashville 2015 by

Every security team invests tons of money in detective and preventative technologies. But how do they know they are working? Sure, there are pen tests, vulnerability scans and the old “”if we see stuff happening it’s probably OK”” theory, but none of these reflect real world attacks. Security teams need QA tools for their defenses designed to simulate targeted attacks by attackers of various intelligence levels in a distributed fashion. This helps teams to understand what their tools are seeing and, more importantly, what they are not seeing. This talk will examine these gaps, and also demo a tool, Skiddiemonkeys. This tool is based on the Netflix “”Chaos Monkey”” principles and designed to create a variety of randomized, semi-controlled bad actors across a distributed environment to test security tools and help security teams learn how they react to or reflect malicious events on the network.