Getting started consists of two easy steps - deploying a new image and launching the Infection Monkey!
The OVA can be used in one of two modes:
After deploying the Monkey Island in your environment, navigate to https://<server-ip>:5000. To get the Infection Monkey running as fast as possible, click Run Monkey. Optionally, you can configure the Monkey before you continue by clicking Configuration (see Appendix A).
To run the monkey, select one of the following options:
1. Click Run on C&C Server to run the Infection Monkey on the Monkey Island server. This simulates an attacker trying to propagate from a machine in the Monkey Island subnet.
2. Click Run on machine of your choice to download and execute the Infection Monkey on a machine of your choice. Then follow the instructions and execute the generated command on the machine of your choice. This simulates an attacker who has breached one of your servers. The Monkey will map all accessible machines and their open services and try to steal credentials and use its exploits to propagate.
Next, click the Infection Map link to see the Infection Monkey in action.
At first, the infection map will look like this:
Within a few minutes, the Infection Monkey should be able to find and attack accessible machines.
As the Infection Monkey continues, the map should be filled with accessible and “hacked” machines. Once all the Infection Monkeys have finished propagating, click Security Report (see Appendix B).
Congratulations, you have finished your first successful execution of the Infection Monkey! To thoroughly test your network, you can run the Infection Monkey from different starting locations using different configurations (see Appendix A).
The Monkey is very configurable: nearly every part of it can be modified to turn it into a fast-acting worm or into a port-scanning and system-information-collecting machine.
The configuration is split into two parts, Basic and everything else. The Basic options are pretty self-explanatory and are split into two sections:
In this screen you can feed the Monkey with “stolen” credentials for your network, simulating an attacker with inside knowledge.
Here you can control multiple important settings, such as:
The report is split into 3 categories:
The Guardicore Infection Monkey runs different tests to evaluate your network's adherence to key components of the Zero Trust framework as established by Forrester, such as whether you have applied segmentation, user identity, encryption and more. Then, the Monkey generates a status report with detailed explanations of security gaps and prescriptive instructions on how to rectify them.
This report is comprised of 3 main segments:
This diagram provides a quick glance at how your organization scores on each component of Forrester's Zero Trust model, with Failed, Verify, Passed and Unexecuted verdicts.
See how your network fared against each of the tests the Infection Monkey ran. The tests are ordered by Zero Trust component so you can quickly navigate to the components you care about first.
Deep-dive into the details of each test, and see the explicit events and exact timestamps in which things happened in your network. This will enable you to match up with your SOC logs and alerts and to gain deeper insight as to what exactly happened during each of the tests.
The results are exportable. Click Export after clicking on Events to view them in a machine-readable format.
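To make the "match up with your SOC logs" step concrete, here is an added example (it is not part of the Infection Monkey documentation or the project's own code) that correlates an exported event list with SIEM alert lines by source, target and a timestamp window, and lists the test events that produced no alert at all. The JSON field names, the alert line format and all sample data below are constructed assumptions; the real export format is whatever your Monkey Island version produces, so adapt the two parsers accordingly.

```python
"""Correlate exported Infection Monkey events with SOC alerts by timestamp.

Added example. The event schema (timestamp/test/source/target/action) and
the alert line format are hypothetical; substitute your real export and
SIEM formats.
"""
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of an exported events file (hypothetical schema).
EXPORTED_EVENTS = json.dumps([
    {"timestamp": "2024-03-01T10:00:05Z", "test": "segmentation",
     "source": "10.0.1.5", "target": "10.0.2.7", "action": "tcp_connect", "port": 445},
    {"timestamp": "2024-03-01T10:02:40Z", "test": "credential_use",
     "source": "10.0.1.5", "target": "10.0.2.7", "action": "smb_login"},
    {"timestamp": "2024-03-01T10:05:10Z", "test": "segmentation",
     "source": "10.0.1.5", "target": "10.0.3.9", "action": "tcp_connect", "port": 22},
])

# Constructed SOC alert lines (hypothetical format): "<ts> <rule> src=<ip> dst=<ip>"
SOC_ALERTS = """\
2024-03-01T10:00:07Z lateral_smb_probe src=10.0.1.5 dst=10.0.2.7
2024-03-01T10:30:00Z unrelated_rule src=10.0.9.9 dst=10.0.9.8
"""


def parse_ts(value):
    """Parse an ISO-8601 UTC timestamp with a trailing Z into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_alerts(text):
    """Turn the (assumed) alert line format into dicts with parsed fields."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, rule, src, dst = line.split()
        alerts.append({
            "ts": parse_ts(ts),
            "rule": rule,
            "src": src.split("=", 1)[1],
            "dst": dst.split("=", 1)[1],
        })
    return alerts


def correlate(events_json, alerts_text, window_seconds=60):
    """Pair each exported event with the first alert that has the same
    source and target and lies within window_seconds of the event time.
    Returns a list of (event, alert_or_None)."""
    events = json.loads(events_json)
    alerts = parse_alerts(alerts_text)
    window = timedelta(seconds=window_seconds)
    results = []
    for ev in events:
        ev_ts = parse_ts(ev["timestamp"])
        match = None
        for al in alerts:
            if (al["src"] == ev["source"] and al["dst"] == ev["target"]
                    and abs(al["ts"] - ev_ts) <= window):
                match = al
                break
        results.append((ev, match))
    return results


def coverage_gaps(events_json, alerts_text, window_seconds=60):
    """Events with no matching alert: the detection gaps worth investigating."""
    return [ev for ev, al in correlate(events_json, alerts_text, window_seconds) if al is None]


def summarize(events_json, alerts_text, window_seconds=60):
    """Per test: (number of events, number of events that raised an alert)."""
    summary = {}
    for ev, al in correlate(events_json, alerts_text, window_seconds):
        total, alerted = summary.get(ev["test"], (0, 0))
        summary[ev["test"]] = (total + 1, alerted + (1 if al is not None else 0))
    return summary


if __name__ == "__main__":
    for test, (total, alerted) in summarize(EXPORTED_EVENTS, SOC_ALERTS).items():
        print(f"{test}: {alerted}/{total} events alerted")
    for ev in coverage_gaps(EXPORTED_EVENTS, SOC_ALERTS):
        print("no alert for", ev["timestamp"], ev["action"], ev["source"], "->", ev["target"])
```

The correlation window is the knob to tune: too narrow and clock skew between the Monkey Island and your log collectors hides real detections, too wide and an unrelated alert gets credited to a test. Widening it from 60 to 300 seconds in the sample data, for instance, makes the single SMB probe alert cover the later credential-use event as well, which is the kind of over-crediting the summary should make visible.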