Booz Allen Launches SnapAttack™, a Cloud-Based Purple Teaming Platform
SnapAttack brings together red and blue security teams, enabling them to understand the latest threats, prioritize and remediate detection gaps, and prevent future cyber attacks

Booz Allen Hamilton (NYSE: BAH) announced today the availability of SnapAttack™—a cloud-based software solution that brings together actionable threat intelligence and hacker detection. By unifying the security lifecycle into a single solution, SnapAttack enables red and blue teams to work together, emulating attacks from intelligence data, sharing insights of malicious behavior, and developing vendor-agnostic behavioral detection analytics to stop advanced adversaries.

Today’s red and blue teams use multiple, siloed products for key functions like threat intelligence, incident detection and response, breach and attack simulation, and continuous monitoring, causing them to struggle to keep up with the latest threats and attack methods. Compounding the issue, cybersecurity analysts experience alert fatigue from the high volume of alerts they receive, many of which are false positives. In fact, 93 percent of organizations reportedly receive more than 5,000 alerts per day, but on average, security teams only investigate 51 percent of these alerts.

“We built SnapAttack to satisfy a critical need to help our own red and blue teams collaborate more effectively. This approach continually increases our confidence in detecting sophisticated threats through threat hunting and improving our defenses in support of clients worldwide,” said Garrettson Blight, Booz Allen’s Director of Dark Labs. “We’re now offering this product, born out of Booz Allen’s expertise in commercial and nation-state-level cyber operations, to help our clients do the same.”

As a cloud-based software solution, SnapAttack is always up to date. New attack techniques and analytics are regularly pushed to subscribers, but advanced teams can harness the full power of the platform to create their own attack techniques and analytics based on internal threat intelligence.

With SnapAttack, security teams can:

  • Centralize Offensive Tradecraft: Capture and organize the latest adversary tradecraft—from their own internal threat data or Booz Allen’s ever-growing attack database—in an easily digestible and actionable way. This helps security teams gain confidence in their organization’s ability to prepare for, prevent, and detect emerging threats. Today, there are more than 1,000 attacks catalogued in the SnapAttack database—and counting.
  • Improve Detection with Existing Tools: Use Booz Allen’s advanced analytic builder to create, test, and deploy high-quality behavioral analytics for their existing security tools. Reduce the time and skill level needed to create new detection logic that has higher confidence and lower false positives, and is more robust to attack variants.
  • Measure and Reduce Risk: Validate their security controls—such as antivirus, endpoint detection and response, and custom security information and event management (SIEM) alerts—against true positive attacks, mapped to the industry standard MITRE ATT&CK® framework. Track detection coverage and gaps, and gain quantifiable evidence of a program’s effectiveness.

“SnapAttack addresses the needs of CISOs and SOC leads to deploy proactive, preventive security measures that continuously test cyber defenses to get ahead of attacks by identifying and addressing potential vulnerabilities and control gaps before the adversary can,” said Brad Medairy, a Booz Allen Executive Vice President and leader of the firm’s cybersecurity and engineering business. “This tool is a culmination of years of offensive and defensive cyber operations experience – consistently defeating advanced persistent threats.”

Designed to improve the detection of malicious behavior at the endpoint, SnapAttack supports the top endpoint detection and response (EDR) vendors in the marketplace.