Following the introduction, earlier this year, of the first test solution for authentic validation of zero trust networks, Daniel Munteanu, the Product Manager at Keysight, is extremely excited to take this opportunity to provide more information about this major milestone that is shaping the future of network application and security testing.
Typically, for a product, a 2.0 release marks the transition into the maturity stage (or, even a brand-new initiative), but with CyPerf 2.0 it is more than that. It is about delivering unique, unmatched capabilities that are raising the bar for network application and security testing.
Keysight CyPerf - instantly scalable zero trust test solution
Keysight CyPerf is the industry’s first instantly scalable zero trust test solution for distributed cloud
Keysight CyPerf is the industry’s first instantly scalable zero trust test solution for distributed cloud. CyPerf’s light-weight traffic generation agents can be deployed across a variety of physical, cloud and containerized environments, in order to deliver unprecedented insights into end-user experience, security posture, and performance bottlenecks.
By realistically modeling dynamic application traffic, user behavior, and threat vectors at scale, CyPerf validates hybrid networks, security devices, and services for more confident roll-outs.
Testing zero trust enabled network architectures
The key highlight of CyPerf 2.0 is the new capability for testing zero trust enabled network architectures with native support for authentication and contextual traffic generation.
In this release, client traffic agents are able to state-fully interact with Palo Alto’s Prisma Access Policy Enforcement Point and authenticate with Okta Identity Provider, before generating test traffic. A comprehensive state-full workflow is implemented within the test agents to mimic real user behaviors.
Access and retrieve data from the protected application
While trying to gain access to a specific protected application, they are first redirected to authenticate, and once the authentication is successful, they are again re-directed to finally access and retrieve data from the protected application.
To make testing more relevant and insightful, CyPerf test agents can be configured to use a very large set of credentials (using playlists of username and passwords), or to access custom application paths. This opens the path for unique test scenarios, relevant to the zero-trust world, such as:
- Emulating end-to-end legitimate user workflow to test the functionality, performance, and scale of zero trust network architectures.
- Use authenticated users trying to access resources that are not available to them.
- Combine legitimate, unauthorized, and unauthenticated users to validate least-privilege access policies.
Client Zero Trust Statistics
A test tool is only as good as the accuracy and relevancy of the statistics it is providing
A test tool is only as good as the accuracy and relevancy of the statistics it is providing. Because network security is critical, there was no scope to lower the bar for providing relevant metrics in zero trust scenarios, so implementing new dedicated stats dashboards like Client Zero Trust Statistics was the only option.
Access to granular KPIs and metrics provide users with insights into the status of the interaction with 3rd-party elements like the Policy Enforcement Point transactions or the Identity Provider’s response codes.
CyPerf 2.0
While the zero trust functionalities are the highlight of CyPerf 2.0, the other new features added in this release cannot be overlooked. CyPerf now supports HTTP Redirects, which makes it easier to interact with devices under test (DUTs) that use this technique for various purposes.
CyPerf’s deployment and usability has also been significantly improved with support for Microsoft Azure marketplace and the ability to deploy CyPerf test agents’ as.deb packages on top of both Ubuntu 20.04 and Ubuntu 18.04.
Expanded attack capabilities
On the content side, the attack capabilities are expanded with over 700 new high-profile security attacks. This includes malware samples like Maze, Bumblebee, TrickBot, QakBot, Cerber, XtremeRAT etc. or various exploits like Log4j, SVCReady, Atlassian Confluence OGNL, Spring Expression Resource Access Vulnerability and others.