13 Mar, 2021

Legitimate use of Cytomate

Cytomate is a powerful tool, and a dishonest customer could use it to harm competitors. Cytomate has taken different precautions in each module to prevent illegitimate use. Cytomate provides each agent with a set of credentials to log in to the cloud web interface.

The Cytomate endpoint module is equipped with different types of malware, ransomware, worms and trojans to test endpoint security controls. To prevent a customer from using Cytomate endpoint to test an endpoint they do not own, Cytomate requires a lightweight agent to be set up on the endpoint. Cytomate uses this agent to test corporate endpoint security controls and to communicate with the endpoint server.

The Cytomate WAF module tests whether the organization’s WAF configuration is able to block malicious payloads. The Cytomate WAF plays the role of an attacker who tries to perform malicious attacks such as cross-site scripting (XSS), SQL injection and command injection. To conduct Cytomate WAF attack simulations, the customer has to verify ownership of the web application they want to run the simulation against. Cytomate WAF attack simulation verifies ownership before every simulation it performs and proceeds only if the verification succeeds. The customer can verify ownership of the web application in multiple ways, such as an HTML file or a meta tag. For the HTML file method, the customer has to upload a special HTML file that contains the token. Removing the HTML file will result in verification failure. The customer can also verify ownership by adding a meta tag to the HTML of a specific page. The Cytomate WAF module will verify that the meta tag exists in the correct location. If Cytomate WAF can’t find the tag, it will give information about the error encountered. This tag is tied to a specific user.
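One way the two ownership checks described above could be implemented, as an added example that is not Cytomate's own code. The meta tag name, the HMAC-based token derivation, the rule that the tag must sit inside `<head>`, and the key are assumptions; the caller is expected to fetch the page or file and pass the response in.

```python
import hashlib
import hmac
from html.parser import HTMLParser

META_NAME = "site-verification-token"  # hypothetical tag name (assumption)
SERVER_KEY = b"constructed-demo-key"  # constructed sample secret


def token_for(user_id, origin):
    """Token bound to one user and one web application (assumed HMAC scheme)."""
    msg = f"{user_id}|{origin}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def _matches(candidate, user_id, origin):
    return hmac.compare_digest(candidate.strip().encode(), token_for(user_id, origin).encode())


class _HeadMeta(HTMLParser):
    """Collect the verification meta tag's content, but only inside <head>."""

    def __init__(self):
        super().__init__()
        self.in_head = False
        self.tokens = []

    def handle_starttag(self, tag, attrs):
        if tag in ("head", "body"):
            self.in_head = tag == "head"
        elif tag == "meta" and self.in_head:
            a = dict(attrs)
            if (a.get("name") or "").lower() == META_NAME:
                self.tokens.append(a.get("content") or "")

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False


def verify_meta_tag(page_html, user_id, origin):
    parser = _HeadMeta()
    parser.feed(page_html)
    return any(_matches(t, user_id, origin) for t in parser.tokens)


def verify_html_file(status, body, user_id, origin):
    """A removed file (non-200 response) or a wrong token fails verification."""
    return status == 200 and _matches(body, user_id, origin)
```

Restricting the match to `<head>` means a tag that lands in user-supplied page content, such as a comment rendered in the body, does not count as proof of ownership.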

The Cytomate email gateway module uses a designated test email account to test the email gateway. This vector evaluates the organization’s email security by sending a number of malicious payloads. The Cytomate email gateway exposes critical vulnerabilities within the email security framework. By sending emails from a designated test email account with attachments containing worms, ransomware, Trojans, or links to malicious websites, the simulation reveals whether simulated malicious emails could bypass the organization’s first line of defense and reach employees’ inboxes.

The Cytomate phishing awareness module includes spear phishing, ransomware and BEC attacks that are delivered through social engineering. It runs simulated phishing campaigns to test security awareness among employees. Cytomate prevents abuse of the phishing awareness module by only allowing phishing campaigns against the customer’s email domain; it does not allow phishing campaigns outside the customer’s organization.