Cybersecurity (Measure & Improve)

“Continuous breach and attack simulation to validate and improve your security posture.”

 What is Threat Simulator?

Threat Simulator is Keysight’s Breach and Attack Simulation (BAS) platform.
It continuously emulates the latest cyberattacks, malware, and adversary behaviors to help organizations validate the effectiveness of their security tools, processes, and teams — 24/7, in production environments, without disruption.

By running safe, automated attack campaigns, Threat Simulator provides security teams with a continuous assessment of their real defensive posture, highlighting misconfigurations, gaps, and blind spots before attackers can exploit them.

Key Features

• Continuous Breach & Attack Simulation
  • Safe emulation of tactics, techniques, and procedures (TTPs) mapped to MITRE ATT&CK.
  • Covers endpoints, networks, cloud workloads, and email/phishing vectors.
• Always Updated Attack Library
  • Backed by Threat Intelligence from Keysight Application and Threat Intelligence (ATI) Research Center.
  • New malware, exploits, and evasion techniques added regularly.
• End-to-End Security Validation
  • Test firewalls, IPS, proxies, email security, endpoint protection (EDR/XDR), SIEM/SOC workflows.
  • Validate how controls behave against both known and emerging threats.
• Actionable Remediation Guidance
  • Detailed reporting highlights misconfigurations, coverage gaps, and false negatives.
  • Provides clear recommendations to strengthen defenses.
• Cloud-Native Delivery
  • SaaS-based platform with agent deployment across hybrid and multi-cloud environments.
  • Easy integration with existing SOC and SIEM tools.

Benefits for the Client

• Proactive defense: identify and fix weaknesses before adversaries exploit them.
• Reduce dwell time: validate detection and response across the full kill chain.
• Optimize security tools: ensure EDR, SIEM, IDS/IPS are configured and tuned correctly.
• Continuous assurance: unlike one-off pen tests, Threat Simulator runs all year round, not just annual snapshots
• Compliance support: evidence for audits and regulatory frameworks.
• Strengthens regulatory alignment with DORA’s security testing obligations.
• Reduces cost and complexity by industrializing security validation.
• Delivers auditable evidence for regulators and boards.
• Improves overall cybersecurity maturity and governance posture.

Support for DORA Compliance

The Digital Operational Resilience Act (DORA) applies to financial entities in the EU (banks, insurers, asset managers, and critical IT providers).
It emphasizes:

• Operational resilience of digital systems
• Detection, prevention, and resistance to cyber threats
• Regular and advanced testing of security and resilience

This platforms (e.g., Keysight Threat Simulator) bring tangible value to DORA programs:

• Continuous Testing
  • Unlike one-off penetration tests, BAS runs 24/7 simulations of real-world attacks.
  • Matches DORA’s requirement for recurring and consistent testing.
• Realistic Threat Simulation
  • Emulates tactics, techniques, and procedures (TTPs) based on MITRE ATT&CK.
  • Validates detection, prevention, and incident response across the entire kill chain.
• Validation of Security Controls
  • Assesses the effectiveness of firewalls, SIEM, IDS/IPS, EDR/XDR, and SOC processes.
  • Detects misconfigurations, blind spots, and false negatives.
• Audit-Ready Reporting
  • Produces clear, repeatable evidence of resilience testing.
  • Supports compliance reporting and strengthens governance frameworks.
• Support for TLPT (Threat-Led Penetration Testing)
  • DORA mandates advanced testing aligned with TIBER-EU for critical entities.
  • Threat Simulator acts as a complementary, automated layer that prepares, enriches, and extends TLPT exercises.

Threat Simulator as BAS tools is not a replacement for formal TLPT/TIBER-EU exercises, but it is a powerful enabler. It allow financial institutions to move from point-in-time compliance to continuous resilience assurance, fully aligned with DORA’s intent.

Why Threat Simulator is Different ?

• Continuous BAS vs. point-in-time penetration testing.
• Safe for production: realistic attack simulation without risk of outage.
• MITRE ATT&CK-based: aligned to the industry’s de facto adversary model.
• Global threat intelligence: powered by Keysight’s ATI Research Center.
• SaaS delivery: scalable, always up to date, quick to deploy.

Typical Use Cases

• Validate if EDR/XDR solutions detect current malware campaigns.
• Test email security against phishing and BEC (Business Email Compromise).
• Check if firewalls, IPS, and proxies block modern exploits.
• Run continuous red team exercises without needing internal red teams.
• Provide audit-ready reports for compliance frameworks (ISO, NIST, PCI DSS).

 Services & Support (What We Offer)

• BAS Readiness Assessment – define scope and deployment of Threat Simulator.
• Integration Services – connect with SIEM, SOAR, and SOC processes.
• Continuous Security Validation – as-a-service validation campaigns.
• Workshops – MITRE ATT&CK simulation training for SOC analysts.

“Uncover and mitigate vulnerabilities in connected devices before attackers exploit them.”

What is Riscure?

Riscure, now part of Keysight Technologies, is a specialized solution for device vulnerability analysis. It focuses on evaluating the security of embedded systems, IoT devices, mobile platforms, payment systems, and secure elements against a wide spectrum of attacks.

Unlike traditional IT security tools that focus on networks or applications, Riscure addresses the hardware, firmware, and software layers of devices, ensuring that the very foundation of the connected world is secure.

It combines automated test platforms, advanced side-channel analysis, fault injection tools, and expert services to identify vulnerabilities before production deployment and support compliance with global security standards.

Key Features

• Comprehensive Device Testing
  • Analyze the resilience of IoT, automotive ECUs, mobile devices, payment terminals, and secure chips.
  • Evaluate both hardware (boards, SoCs, chips) and firmware/software layers.
• Side-Channel & Fault Injection Attacks
  • Test exposure to power analysis, electromagnetic leakage, timing attacks.
  • Validate resilience against fault injection (laser, EM, voltage glitches).
• Application & Protocol Validation
  • Assess mobile payment apps, digital identity systems, and IoT protocols (BLE, Zigbee, Wi-Fi).
  • Identify cryptographic weaknesses or misconfigurations.
• Compliance & Certification Support
  • Align with standards such as Common Criteria, EMVCo, FIPS 140-3, GlobalPlatform, GSMA, Automotive ISO 21434.
  • Pre-certification testing reduces delays and certification costs.
• Expert Services
  • Access to Riscure’s security analysts with decades of expertise in device and hardware security.
  • Threat modeling and design review during early product lifecycle stages.

Benefits for the Client

• Protect brand reputation: prevent costly recalls or breaches caused by insecure devices.
• Accelerate certification: validate compliance early to reduce time-to-market.
• Future-proof devices: ensure resilience against evolving attack methods (side-channel, glitching, remote exploits).
• Critical infrastructure protection: safeguard IoT, medical devices, and automotive ECUs deployed in sensitive environments.
• Global trust: used by semiconductor vendors, OEMs, financial institutions, and government agencies.

Why Riscure is Different ?

• Deep expertise in device security: focused on hardware, firmware, and embedded systems where most other solutions stop at software.
• Advanced test techniques: fault injection, side-channel analysis, and hardware-level exploit simulation.
• Certification leadership: trusted by certification labs worldwide for pre-compliance testing.
• Part of Keysight: integrated into a broader test and visibility ecosystem, bridging device, network, and cloud assurance.

 Typical Use Cases

• Validate the security of IoT devices before large-scale deployment.
• Test payment systems and secure elements for EMVCo or Common Criteria certification.
• Ensure automotive ECUs comply with ISO 21434 and resist cyberattacks.
• Assess medical devices for resilience against tampering and data leakage.
• Benchmark semiconductors and chipsets against side-channel and fault injection attacks.

Services & Support (What We Offer)

• Device Security Assessments – full vulnerability testing of embedded hardware/software.
• Certification Preparation – align devices with regulatory standards.
• Fault Injection & Side-Channel Workshops – hands-on training for security engineers.
• Threat Modeling & Design Review – integrate security early in product lifecycle.
• Managed Device Security Testing – continuous validation of IoT fleets.

“Cloud-native cybersecurity testing for hybrid, multi-cloud, and encrypted environments.”

What is CyPerf?

Keysight CyPerf is a cloud-native, elastic test platform designed to validate the security, performance, and resilience of modern applications and infrastructures deployed across public cloud, private cloud, and hybrid environments.

Unlike traditional lab-based solutions, CyPerf runs directly inside cloud workloads (AWS, Azure, GCP, Kubernetes, VMware), generating realistic traffic patterns and attack simulations to test how applications, networks, and security tools behave under real-world conditions.

It complements BreakingPoint by extending advanced test capabilities into production-like cloud environments, ensuring organizations can validate security and user experience before, during, and after migration to the cloud.

Key Features

• Cloud-Native Architecture
  • Elastic agents deployed on VMs, containers, or bare metal.
  • Orchestrated from a central controller with full automation via APIs.
• Realistic Application Traffic
  • Emulates modern workloads: HTTP/S, SaaS, VoIP, video, API calls.
  • Supports encrypted traffic (TLS 1.3, QUIC, VPNs) to validate visibility and inspection capabilities.
• Security Testing
  • Simulates attacks including DDoS, brute force, ransomware, and evasion techniques.
  • Validates WAFs, NGFW, IPS, and cloud security controls.
• Elastic Scale
  • Dynamically scale traffic generation to thousands of concurrent users.
  • Test performance under burst conditions, migrations, or failover scenarios.
• Analytics & Reporting
  • KPIs: throughput, latency, jitter, packet loss, SLA compliance.
  • Security metrics: attack detection, mitigation efficacy, false positives.

Benefits for the Client

• Prove cloud resilience: validate performance and security of apps before production rollout.
• Mitigate migration risks: ensure apps and controls behave correctly after moving to cloud.
• Optimize security tools: benchmark WAF, NGFW, IPS across hybrid environments.
• Encrypted traffic validation: test how defenses handle TLS 1.3, VPN, QUIC traffic.
• Elastic scalability: run global, distributed tests at the scale of real user bases.

Why CyPerf is Different ?

• Cloud-native by design: built for AWS, Azure, GCP, Kubernetes, VMware.
• Elastic & on-demand: no hardware, fully software-driven deployment.
• Comprehensive coverage: performance + security + user experience in one platform.
• Complements BreakingPoint: lab + cloud = full-spectrum security validation.
• Continuous validation: can be run periodically or as part of DevSecOps pipelines.

Typical Use Cases

• Validate cloud migration projects to minimize downtime and risk.
• Test SaaS performance under load and attack conditions.
• Assess encrypted traffic handling for compliance and security efficacy.
• Run DevSecOps security validation as part of CI/CD pipelines.
• Benchmark multi-cloud resilience across AWS, Azure, and GCP.

Services & Support (What We Offer)

• Cloud Test Assessment – design CyPerf test campaigns for hybrid infrastructures.
• Deployment Services – install and orchestrate CyPerf agents across environments.
• Security Simulation Workshops – run realistic attack campaigns to test defenses.
• Integration – embed CyPerf into CI/CD and DevSecOps pipelines.
• Managed Testing – continuous validation as-a-service powered by CyPerf.

“Real-world traffic and threat simulation to validate resilience, security, and performance.”

What is BreakingPoint?

BreakingPoint is Keysight’s flagship security and resilience testing platform, combining hardware appliances and advanced software libraries to emulate real applications, users, and cyberattacks at massive scale.

It enables enterprises, governments, and service providers to validate the efficacy of firewalls, IPS, DDoS defenses, and industrial systems against today’s evolving threats — without jeopardizing production environments.

Key Features

• Hardware Platforms
  • High-performance appliances capable of generating stateful traffic at hundreds of gigabits per second.
  • Modular chassis options with scalable interface cards (1G to 100G, copper and fiber).
  • Purpose-built for carrier-grade and national lab testing environments.
• Application and Traffic Simulation
  • Emulates thousands of applications and protocols (HTTP, VoIP, video, SaaS, P2P).
  • Generates realistic user behavior, at scale.
• Threat and Attack Simulation
  • Continuously updated library of exploits, malware, ransomware, and evasion techniques.
  • Emulates zero-day threats, advanced persistent threats (APT), and multi-vector attacks.
• Inline Security Validation
  • Test firewalls, IPS, DDoS appliances, proxies, NDR, and industrial systems (SCADA/ICS).
  • Validate inline device performance under safe, controlled test scenarios.
• Advanced Metrics & Analytics
  • Real-time dashboards: throughput, latency, drops, error rates.
  • Reports designed for compliance and executive visibility.

 BreakingPoint Solves Your Real-World Test Challenges

• DDoS Protection – Simulate volumetric (network layer) and application-layer DDoS attacks to validate mitigation strategies.
• Zero-Day Readiness – Test resilience against unknown threats using continuously updated attack libraries.
• SCADA & Industrial Network Security – Assess vulnerabilities and resilience of OT and SCADA networks, critical for energy and utilities.
• Next-Gen Firewall / IPS Validation – Ensure inline security tools scale under real-world attack and traffic loads.
• Regulatory & Compliance Testing – Produce evidence of resilience for audits and certifications.
• Application Performance under Attack – Validate if critical business applications remain usable during cyber incidents.

Benefits for the Client

• Reduce risk proactively: identify weaknesses before attackers exploit them.
• Validate security investments: ensure firewalls, IPS, and DDoS appliances deliver promised performance.
• Operational confidence: test under realistic conditions, at scale.
• Critical infrastructure protection: extend testing to SCADA and industrial networks.
• Future-proof defense: continuous updates reflect the latest threats and attack trends.

Why BreakingPoint is Different ?

• Hardware-accelerated: dedicated appliances designed for massive scale and precision.
• Realism: combines real applications, real threats, and real user behavior.
• Continuously updated intelligence: always current with global threat landscape.
• Multi-domain coverage: enterprise IT, service provider backbones, and industrial OT/SCADA networks.
• Part of Keysight ecosystem: integrates with CyPerf, Vision Packet Brokers, and IxLoad.

Typical Use Cases

• Pre-deployment validation of next-gen firewalls and IPS.
• Benchmarking DDoS protection appliances.
• Securing critical infrastructure (SCADA, energy, utilities).
• Assessing cloud and hybrid network defenses.
• Running continuous security validation in labs and SOCs.

Services & Support (What We Offer)

• Security Test Assessment – determine BreakingPoint deployment scenarios.
• Lab Setup & Integration – deploy appliances and test libraries in enterprise/service provider labs.
• Workshops – DDoS simulation, SCADA resilience testing, zero-day readiness exercises.
• Managed Testing Services – continuous validation campaigns powered by BreakingPoint appliances.