Breach and Attack Simulation Platforms
Breach and attack simulations are an advanced computer security testing method. These simulations identify vulnerabilities in security environments by mimicking the likely attack paths and techniques used by malicious actors. In this sense, a breach and attack simulation acts much like a continuous, automated penetration test, and it improves upon the inherent limitations of red and blue team testing.
Gartner defines BAS technologies as tools “that allow enterprises to continually and consistently simulate the full attack cycle (including insider threats, lateral movement, and data exfiltration) against enterprise infrastructure, using software agents, virtual machines, and other means”.
What makes BAS special, is its ability to provide continuous and consistent testing at limited risk and that it can be used to alert IT and business stakeholders about existing gaps in the security posture or validate that security infrastructure, configuration settings and detection/prevention technologies are operating as intended. BAS can also assist in validating if security operations and the SOC staff can detect specific attacks when used as a complement to the red team or penetration testing exercises.
There are three different types of BAS solutions:
- Agent-based BAS solutions are the simplest form of BAS. Agents are deployed across the LAN and vulnerabilities are identified to determine which routes are open to a potential attacker to move around the network. An agent-based BAS solution is very similar to vulnerability scanning but offers much more context.
- BAS solutions based on “malicious” traffic. These BAS solutions generate intrusive traffic within the network between dedicated virtual machines that serve as targets for a wide range of attack scenarios. An overview is then created of which events have not been detected and blocked by the company’s own security controls.
- Cloud-based BAS solutions. BAS solutions that are cloud-based are the closest to a real attack. They simulate numerous attack scenarios from the outside via different entry points. (so-called multi-vector attacks) and thus also the network perimeter of the company. The cloud platforms are fed with the latest threats from a wide variety of sources and are therefore always very up-to-date. Being SaaS solutions, they can be implemented very quickly.
By running these cyber-attack simulations in a controlled environment, an advanced BAS platform can identify vulnerabilities and gaps and then provide prioritized recommendations to help quickly close them. In this sense, a BAS platform works much like a purple team, allowing for comprehensive vulnerability assessment and remediation. Yet unlike a purple team, a BAS platform is automated and can be deployed remotely, making it especially well-suited to today’s challenges.
This automation is the key to maintaining continuous risk assessment and threat mitigation — the gold standard for today’s cybersecurity solutions.
Suppliers Breach and Attack Simulation Platforms
Vendors Breach and Attack Simulation Platforms
F.A.Q. about Breach and Attack Simulation Platforms
What problems do BAS tools attempt to solve?
BAS solutions give companies an answer to the question “Do our cybersecurity programs really work? Large companies invest heavily in security products, but still do not have the confidence that they can withstand increasingly sophisticated attacks. For financial and practical reasons it is also not possible to test entire enterprise production environments permanently and manually for security vulnerabilities. Breach and Attack Simulation fills exactly this gap and allows companies to get more out of their existing security solutions by enabling continuous testing of the enterprise network at low risk.
For which companies are BAS solutions suitable?
If you have a look around the BAS market, you will find that many offers are tailored to large enterprise customers with high security requirements, such as financial institutions and insurance companies. It is not surprising that Breach and Attack Simulation is especially interesting for this kind of companies. They typically have numerous security products in use, a dynamic IT landscape and a high level of IT maturity. In addition, there are high demands on IT security and high compliance pressure. High-end solutions like Breach and Attack Simulation are predestined for this environment.
However, there is also the possibility for smaller companies to use BAS technology. Some solution providers have made their BAS tools multi-tenant ready so that smaller companies can also benefit from them via partner companies.
How to Evaluate a BAS Platform?
- The right BAS platform can simulate attacks in the cloud, identifying misconfigurations and other security gaps, while also allowing organizations to determine if critical assets are truly secure in all environments.
- The ability to identify gaps in detection and prevention in hybrid environments is another key feature. As more data migrates to the cloud, it’s imperative that organizations assess their risk posture and understand how new hybrid environments can be attacked from on-premises devices linked to cloud data. Assessing cloud and on-premises risks separately leads to reduced visibility and expanded threat exposure — you simply don’t know how each side effects the other.
- An advanced BAS platform can safely simulate Advanced Persistent Threats (APTs) against an organization’s “crown jewel” assets. Networks and devices create many pathways for APTs and identifying them is important.
- The right platform can also identify a wide range of attack vectors hackers can exploit, while running safely in a production environment. Testing security controls on an endpoint solution might tell you if you can stop a credential dump but will not tell you which accounts can be harvested, from which devices and the impact those accounts will have.
- Organizations should also look for a BAS solution that offered prioritized remediation of security gaps and validation of security controls.