Perform Security Checks to Test Your Security Controls

    Article Summary

    You can use Secure DX to simulate security threats to test if your security controls are working correctly.

    The files and websites used by these security checks do not cause any real harm or threat to your devices. However, they are designed to have the appearance of a real security threat, and your security control software will recognize them as a security threat.

    Security checks that will cause alerting in your security control software are indicated by a yellow or red warning icon (red is more severe than yellow). This article describes these security checks so that your security team can be prepared.

    [Image: Security checks with alerts]

    Important!

    It is important that you notify and inform your security team before you perform these security checks. If you don't, it might look like your organization is experiencing a cyber attack.

    Remove / quarantine infected files

    This security check creates the file C:\ProgramData\ControlUp\SRM\Tests\eicar.com, whose hash value is known to antivirus vendors as malware. If your antivirus software is working correctly, it should detect the malicious file as soon as it is saved to disk. The file is never executed during the test.

    Secure DX checks if the file is promptly removed or protected by your antivirus software. If not, then the security check fails. This indicates that antivirus software is either not installed or not working correctly. The file is automatically deleted at the end of the test.

    For example, your security control software should detect the file like this:

    [Image: Eicar file detection]

    Add block policy for HTTPS malware download

    This security check attempts an HTTPS download of a file that is known to contain malware. The file is downloaded to C:\ProgramData\ControlUp\SRM\Tests\MaliciousEXE.exe. Your Web Security Gateway should detect this as a malicious file and block the download.

    Secure DX checks if the file is successfully downloaded to the device. If the file is downloaded, then the security check fails. This indicates that your Web Security Gateway is not blocking malware downloads. The file is automatically deleted at the end of the test.

    The indicator of compromise (IOC) reported for this security check will be one of Azorult, Tnega, or StopCrypt. For example, your security control software should detect the file like this:

    [Image: HTTPS malware download detection]
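    The two checks above (on-disk detection of a test file, and blocking of an HTTPS download) can be reproduced by hand on a Windows device. The following PowerShell script is an added example, not ControlUp's or Secure DX's own code; it uses the public EICAR test file in place of a live malware sample, and the wait time, result layout, download file name and the eicar.org download URL are assumptions of this example rather than values from the article.

```powershell
# Added example, not ControlUp's or Secure DX's own code: manual equivalents of the
# "Remove / quarantine infected files" and "Add block policy for HTTPS malware download"
# checks, using the public EICAR test file instead of a live malware sample.
# Assumptions (not from the article): wait times, result object layout, the download
# file name, and the EICAR download URL published by eicar.org.

$TestDir = 'C:\ProgramData\ControlUp\SRM\Tests'   # directory named in the article

# The 68-byte EICAR test string. Antivirus engines detect it by convention; it is
# inert and does nothing if run.
$EicarString = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

function New-CheckResult {
    param([string]$Check, [string]$Result, [string]$Detail)
    [pscustomobject]@{ Check = $Check; Result = $Result; Detail = $Detail }
}

function Test-InfectedFileRemoval {
    # PASS if the antivirus blocks the write, deletes the file, or denies access to it
    # within $WaitSeconds; FAIL if the file stays on disk and readable.
    param([int]$WaitSeconds = 30)
    $check = 'Remove / quarantine infected files'
    $path  = Join-Path $TestDir 'eicar.com'
    New-Item -ItemType Directory -Path $TestDir -Force | Out-Null
    try {
        # ASCII with no trailing newline, so the file is exactly the 68-byte test string
        [System.IO.File]::WriteAllText($path, $EicarString, [System.Text.Encoding]::ASCII)
    } catch {
        return New-CheckResult $check 'PASS' "write blocked on save: $($_.Exception.Message)"
    }
    $deadline = (Get-Date).AddSeconds($WaitSeconds)
    while ((Get-Date) -lt $deadline) {
        if (-not (Test-Path -LiteralPath $path)) {
            return New-CheckResult $check 'PASS' 'file removed by antivirus'
        }
        try {
            [void][System.IO.File]::ReadAllBytes($path)   # access denied => quarantined/protected
        } catch {
            return New-CheckResult $check 'PASS' 'file present but access to it is blocked'
        }
        Start-Sleep -Seconds 2
    }
    # Clean up ourselves, as the article says the Secure DX check does at the end.
    Remove-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    return New-CheckResult $check 'FAIL' "file still readable after $WaitSeconds s: antivirus missing or not working"
}

function Test-MalwareDownloadBlocked {
    # PASS if the gateway refuses the HTTPS download or substitutes a block page;
    # FAIL if the test file arrives on disk (even if the endpoint antivirus then removes it).
    param(
        [string]$Url      = 'https://secure.eicar.org/eicar.com',  # assumed: public EICAR download
        [string]$FileName = 'eicar-download.com'                    # assumed name; the article's check uses MaliciousEXE.exe
    )
    $check = 'Add block policy for HTTPS malware download'
    $path  = Join-Path $TestDir $FileName
    New-Item -ItemType Directory -Path $TestDir -Force | Out-Null
    try {
        Invoke-WebRequest -Uri $Url -OutFile $path -UseBasicParsing -ErrorAction Stop
    } catch {
        return New-CheckResult $check 'PASS' "download refused: $($_.Exception.Message)"
    }
    if (-not (Test-Path -LiteralPath $path)) {
        return New-CheckResult $check 'PASS' 'no file was written to disk'
    }
    # A gateway may answer 200 OK with its own block page instead of the file, so compare
    # the content rather than trusting the status code alone.
    try {
        $content = [System.IO.File]::ReadAllText($path, [System.Text.Encoding]::ASCII)
    } catch {
        # The file landed but the endpoint antivirus grabbed it first: the gateway still let it through.
        return New-CheckResult $check 'FAIL' 'file downloaded; caught by endpoint antivirus, not by the gateway'
    }
    Remove-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($content.TrimEnd() -eq $EicarString) {
        return New-CheckResult $check 'FAIL' 'test file downloaded intact: gateway did not block it'
    }
    return New-CheckResult $check 'PASS' 'response was replaced (block page); file discarded'
}

# Run both checks and print a summary table.
@(
    Test-InfectedFileRemoval
    Test-MalwareDownloadBlocked
) | Format-Table -AutoSize
```

Run it from an elevated PowerShell session so the script can create the test directory. The download check deliberately distinguishes a gateway block from an endpoint antivirus catch: a file that reaches the disk and is then quarantined locally still means the Web Security Gateway let it through, which is what the article's check reports as a failure.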

    Testing access to malicious websites

    The following security checks test a device's access to malicious websites. Your secure access service edge (SASE) should recognize these websites as malicious and intervene. If these tests fail, it indicates that your SASE is not working correctly.

    • Add block policy for phishing pages - This security check fails if a device accesses a known phishing website.
    • Add block policy for cryptomining websites - This security check fails if a device accesses a known cryptomining website.
    • Add block policy for C&C websites - This security check fails if a device accesses a known command and control (C&C) website.
    • Add RBI solution for Unknown pages - This security check fails if a device accesses an insecure and uncertified website directly without using remote browser isolation (RBI).
