5 Breach and Attack Simulation (BAS) Solutions You Should Know About in 2020
Author: Jose Monteagudo, CEO, Smartrev Cybersec
Introduction
The threat ecosystem is growing extremely fast, which comes as no surprise to any professional in the industry. This situation is worrying for multiple reasons:
- It endangers the ongoing Digital Transformation affecting all industries: It will not be possible to modernize strategic industries in our economies, taking advantage of the transformative power of digital technologies, if we do not properly address the challenge of cybersecurity.
- The number, frequency and complexity of these threats make it impossible for companies to deal with them. Nowadays, this is an asymmetric battle and we are losing it. Criminals develop sophisticated tools – or in other cases they are freely available on the Internet – and with them, they attack countless organizations to achieve the expected Return on Investment (ROI). If we analyse only the number of data breaches reported in August globally, we can understand that things are not going well. It is estimated that the average cost of a data breach is over $150 million in 2020, with the global annual cost forecast to be $2.1 trillion. It is also estimated that in the first half of 2018 alone, around 4.5 billion records were exposed as a result of data breaches. In 2019, a collection of 2.7 billion identity records, consisting of 774 million unique email addresses and 21 million unique passwords, was posted on the web for sale. The list of existing high-profile data breaches is simply astonishing and we need to take into account that this list only includes those involving the theft or compromise of 30,000 or more records, although many smaller breaches occur continually.
- Criminals innovate, both in terms of attack methodologies and business strategies. The security forces are overwhelmed, unable to fight against innovative, flexible organizations with international infrastructure, high motivation, and an appetite for success. I am sure that some will regard this analysis as alarmist. Let’s analyse the 2020 Ransomware growth data to get a data-driven perspective of the magnitude of the problem.
- Lack of qualified personnel: Security Researchers are doing a great job. Responsible Disclosure programs and Bug Bounty platforms certainly help, but they are not enough. We do not have enough qualified professionals to cope with this challenge. Moreover, the bad guys' use of automation together with AI, ML and DL is making things even more difficult.
- There is insufficient awareness of the magnitude of the problem at the business level, for example, in small and medium-sized enterprises, large corporations, as well as at the citizen, government and political level. This causes wrong decisions to be made with serious consequences.
What is a Breach & Attack Simulation?
To address these challenges, the cybersecurity industry is being proactive in proposing solutions to face the aforementioned problem, providing public and private organizations with innovative tools that help them assess their Cybersecurity Posture, to make investments in an optimized and intelligent way, to manage cyber risk and to improve their cyber resilience.
Among these solutions we find Breach and Attack Simulation, a group of tools, platforms, and services. These solutions are a subgroup of the general Cyber Posture category, which refers to the ability of an organization to defend itself against a cyberattack and covers elements like:
- Implemented policies
- Security controls
- Status from a cybersecurity perspective of existing software, hardware, services, networks, data and information, training and awareness programs for employees, bespoke protection against common attacks such as phishing, ransomware, and other variants of malware …
To understand the Cybersecurity Posture of your organization, you should carry out a Cybersecurity Risk Assessment, which would provide a detailed analysis of the cyber risks currently faced by your organization and consequently the strength of your cybersecurity posture to withstand a cyber-attack.
But let’s get back to the concept of Breach and Attack Simulation or BAS. It is a powerful approach, since it allows you to:
- Simulate sophisticated attack methods used by cyber criminals. These simulations can be carried out in an automated and continuous way, mitigating to a certain extent the problem of the lack and cost of specialized personnel. Nevertheless, such solutions will never completely replace the Cybersecurity Researcher who can provide multiple powerful ingredients, such as rich business context, strong experience, or even imagination or intuition.
- BAS allows working in production environments without having an intrusive effect (without causing disruption or increasing latency in the network), assessing the behavior of existing security controls and putting into operation the MITRE ATT&CK Framework against the infrastructure of the organization, including networks, platforms, hardware, applications, virtual machines and in general, all the organization’s assets identifying where attackers can infiltrate, exploit hosts, move laterally and exfiltrate critical assets.
Figure 1: The MITRE ATT&CK and the Cyber Kill Chain frameworks
- The intelligence obtained through these technologies provides companies with valuable information to prioritize their investments in security products or vulnerability management programs – answering, for example, the question of which vulnerabilities should be resolved first.
- Some BAS solutions, in addition to simulating attacks and validating security controls, also offer the functionality of prioritizing the solution of the problems found.
For more information you can visit our search engine for cybersecurity solutions, @CSOfinder, which includes a database of more than 9000 solutions classified within over 200 categories and featuring:
- Product Companies
- Consulting and Services Companies
- Cyber Risk and Cyber Insurance Solutions
- Distributors, VARs and Integrators (Systems Integrators)
- Defense and Homeland Security (HLS)
How is BAS different to Automated Penetration Testing, Vulnerability Scanning and Red Teaming?
Breach and Attack Simulation solutions have some similarities with existing approaches, methodologies, and products. But there are differences too. Let’s shed some light on how BAS compares to:
- Penetration Testing: consists of carrying out normally manual tests to assess the effectiveness of existing security controls and vulnerability management programs. They have a previously defined scope and are carried out by security experts or “White hat hackers”.
There are different types of Pen Test:
- White Box in which background information is provided as well as the target systems.
- Black Box in which minimal information is provided.
The output of the Pen Test will indicate if the target systems are vulnerable to the tested attacks, as well as which defenses were defeated by those attacks.
Unlike BAS solutions, which provide a continuous view (24x7x365) of the cybersecurity posture, a Pen Test provides insight at a specific time. Large organizations usually carry them out several times a year, usually using different companies. The ultimate goal of a Pen Test is to penetrate the organization’s defenses, while BAS solutions seek to answer many other questions:
- Assess my Cybersecurity Posture
- How should I efficiently manage my investments in security solutions?
- What is my current exposure to Cyber Risk?
- Red Teams: Red Team exercises, using internal or external teams, have much more specific objectives and a simultaneous approach. They use more people and resources than a Pen Test and their goal is to fully understand the level of risk and vulnerabilities existing in an organization’s infrastructure, including its technology, human resources, and physical assets.
This strategy is commonly used in more mature organizations and can be a complementary level – and often is – to the use of regular BAS and Pen Test solutions. Once the Pen Test, Vulnerability Assessment or BAS analysis have been carried out, a Red Team is involved to try again to access sensitive information or break down defenses in any way possible and using any strategy or entry point into the attack surface.
- Vulnerability Assessment: it is a process that consists of identifying, quantifying and prioritizing vulnerabilities in a system. Vulnerability Assessments have multiple factors in common with Risk Assessments and frequently adhere to the following process:
- Inventory of assets, resources and capabilities of a system.
- Assignment of a quantifiable value and importance to the referred assets and resources.
- Identify vulnerabilities and potential threats to each asset or resource.
- Mitigate or eliminate the most serious vulnerabilities for the most valuable assets.
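The four-step Vulnerability Assessment process above can be sketched in a few lines. This is an added example, not code from the original article or from any vendor it mentions. The asset names, business values, findings, the `value * severity` score and the `budget` parameter are all constructed assumptions for illustration.

```python
from dataclasses import dataclass

# Steps 1 and 2: asset inventory with an assigned business value (1 = low, 5 = critical).
# Constructed sample data; names and values are illustrative only.
ASSETS = {
    "payroll-db": 5,
    "public-web": 4,
    "build-server": 3,
    "kiosk-01": 1,
}

@dataclass(frozen=True)
class Finding:
    asset: str
    title: str
    severity: float  # 0.0-10.0, CVSS-style base score

# Step 3: vulnerabilities identified per asset (constructed sample data).
FINDINGS = [
    Finding("kiosk-01", "Outdated browser", 9.1),
    Finding("payroll-db", "Default admin password", 8.0),
    Finding("public-web", "Missing TLS hardening", 5.3),
    Finding("payroll-db", "Verbose error messages", 3.1),
    Finding("test-vm-7", "Unpatched SSH daemon", 9.8),  # asset missing from inventory
]

def prioritise(assets, findings, budget):
    """Step 4: rank findings so the most serious issues on the most valuable
    assets come first. Returns (fix_now, backlog, unknown_assets)."""
    # A finding on an asset that is not in the inventory cannot be valued;
    # report it as an inventory gap instead of silently dropping or guessing.
    unknown = sorted({f.asset for f in findings if f.asset not in assets})
    # Assumed score: business value multiplied by severity.
    scored = [(assets[f.asset] * f.severity, f) for f in findings if f.asset in assets]
    # Highest score first; ties broken by asset value, then title for stable output.
    scored.sort(key=lambda p: (-p[0], -assets[p[1].asset], p[1].title))
    ranked = [f for _, f in scored]
    return ranked[:budget], ranked[budget:], unknown

if __name__ == "__main__":
    fix_now, backlog, unknown = prioritise(ASSETS, FINDINGS, budget=2)
    for f in fix_now:
        print("fix now:", f.asset, "-", f.title)
    for f in backlog:
        print("backlog:", f.asset, "-", f.title)
    print("findings on assets missing from the inventory:", unknown)
```

Note that the 9.1-severity finding on the low-value kiosk ranks below a 3.1-severity finding on the payroll database, and that the finding on the uninventoried host is surfaced as a gap in step 1 instead of being ranked.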
5 BAS solutions you should know
SafeBreach simulates thousands of attack methods to provide a hacker’s view of an organization’s security posture, paint a picture of the security exposures to an enterprise and prioritize remediation, securing against TTPs. SafeBreach Labs is dedicated to threat research from real-world investigation with the most extensive breach and attack methods in the industry with over 15,000 attack methods and growing.
The SafeBreach platform carries out continuous, automated testing of an organization’s security architecture using advanced, patented simulation technology. SafeBreach attack simulations are exact reproductions of an attacker’s tactics and techniques but pose no risk to the organization’s operations or assets. Attacks are executed between simulator instances deployed both within and outside the organization’s network. This approach provides broad coverage and fully tests the entire security ecosystem deployed by your organization.
AttackIQ gives customers the most consistent, trusted, and safest way to test and validate security controls at scale and in production. While competitors test in sandboxes, AttackIQ tests in production across the entire kill chain, the same as real-world adversaries do.
AttackIQ houses a large MITRE ATT&CK-aligned library of known adversary behaviors. Extend the foundation easily with the platform’s API-first approach to create your own scenarios.
XM Cyber provides the first fully automated breach and attack simulation (BAS) platform to continuously expose attack vectors, from breach point to any organizational critical asset. This continuous loop of automated red teaming is completed by ongoing and prioritized actionable remediation of organizations’ security gaps.
In effect, HaXM by XM Cyber operates as an automated purple team that fluidly combines red team and blue team processes to ensure that organizations are always one step ahead of the attack. XM Cyber was founded by top executives from the Israeli cyber intelligence community and employs an elite team of cyber offense and defense veterans. The company has offices in the US, UK, Israel and in Australia.
Picus Security, as one of the pioneers of Breach & Attack Simulation technologies, developed a novel and holistic approach to IT security: Continuous Security Validation.
Independent from any vendor or technology, the unparalleled Picus Platform is designed to continuously measure the effectiveness of security defenses by using emerging threat samples in production environments. Created by a team that’s already been working together more than 10 years and has proven their expertise in enterprise cybersecurity, Picus is trusted by many large multinational corporations and government agencies.
Scythe is an adversary emulation platform for the enterprise and cybersecurity consulting market. The SCYTHE platform enables Red, Blue, and Purple teams to build and emulate real-world adversarial campaigns in a matter of minutes. SCYTHE allows organizations to continuously assess their risk posture and exposure.
SCYTHE moves beyond just assessing vulnerabilities. It facilitates the evolution from Common Vulnerabilities and Exposures (CVE) to Tactics, Techniques, and Procedures (TTPs).
Sources
Wikipedia, Vulnerability Assessments and Pen Test
Wikipedia, List of Data Breaches
SafeBreach, AttackIQ, XM Cyber, Picus Security and Scythe websites.
Disclaimer
The Cybersecurity Observatory does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. The Cybersecurity Observatory research publications consist of the opinions of our own analysts and should not be construed as statements of fact.
No formal testing was performed on products or services for this analysis. These assessment findings are meant to serve as an input for our audience and their organizations. Users of these services must exercise judgement when choosing a service for their particular mission or telework needs.
We disclaim all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only.