
Breach and Attack Simulation (BAS) continuously assesses the “readiness level” of your business’ security controls and the operations around them, using a library of threat and technique samples.

Assessments are vendor and platform agnostic and are designed to be safe to run in production. They can assess network, endpoint and email security controls in cloud, on-premises and hybrid environments. Because every sample in the library is known in advance, the result is unambiguous: if a sample is missed, the security controls on that path did not detect and/or prevent the threat.

Mitigation rules let security teams close any gaps on the spot and feed contextual threat information into SIEM/SOC platforms to improve detection efficacy.

With customers across the globe in financial services, government, energy, telecom, retail and manufacturing, BAS fills the gaps that pen-tests, vulnerability management and policy management solutions cannot address.

Breach and Attack Simulation and Pentesec

BAS has been implemented within Pentesec’s Managed Service to enhance our ability to protect our customers. Our Managed Service gives you the support you need when you need it and our team are always here to answer your questions.

We provide you with easy to read reports that combine a high level summary with the supporting detail, backed by rapid response SLAs for newly identified and known gaps. Our Technical Team operate out of our own NOC, with a dedicated out of hours phone number to ensure you always reach a Certified Engineer on your first call.

If you don’t need a fully Managed Service, we also offer a Breach and Attack Simulation solution as a standalone product.

Under the Managed Service we run the assessments for you and report on any gaps in your infrastructure. If there are problems, we are available for a remediation consultation that goes through your configurations and logs, determines what fixes are required and whether they can be applied within your environment.

4 Reasons to Choose Breach and Attack Simulation

Independent from any vendor or technology, BAS is designed to continuously measure the effectiveness of security defences by using emerging threat samples in production environments.

The four reasons to choose a BAS solution are:

Intelligent Breach and Attack Simulation

A comprehensive threat and technique library of nearly ten thousand samples, each enriched with unique identifiers for the attack techniques it exercises, categorised by targeted application and operating system, tagged with the relevant CVEs and CWEs, and mapped to the kill chain and the MITRE ATT&CK framework. This lets cyber security executives enable the business while maintaining security readiness and mitigating threats quickly.

The Largest Technology Alliance Ecosystem

BAS assessments are completely agnostic to the brands of technologies deployed on the assessment paths. Our vendor partners have established a large ecosystem of technology alliances so that any identified gap can be mitigated quickly and precisely on the control that missed it.

Unique Intelligent Automation Structure

BAS assessments are non-intrusive and can emulate threat scenarios continuously, pulling new threats from the Threat Library to provide readiness assessments without manual work.
If gaps are found in your existing security controls, the findings are enriched with quick mitigation guidance and mapped to the detection and prevention capabilities already present in your infrastructure. This lowers the number of incidents and automates your security control validation.

Assessment Outputs to Empower and Align Teams

The Platform ties assessment findings to prevention and detection technologies, empowering SIEM, SOC, SIRT, Network Security Teams and Security Leaders to share and work around relevant context to create optimum solutions.


What is Detection Analytics?

Detection Analytics further enhances Security Control Validation by bringing log fidelity, defence capability and alerting efficacy insights into the SOC context.

Every emulated threat and adversary technique should leave a log entry in the relevant security control if the emulation is detected or prevented. Detection Analytics queries the SIEM’s security logs to find the difference between the logs that are actually present and the logs that were expected.

Detection Analytics then matches the SIEM query results against the results of the threat emulations. As a result, undetected, unlogged and non-alerted attacks are identified on the spot. All findings are mapped to the MITRE ATT&CK framework to support incident analysis, incident response and threat hunting.

Does Detection Analytics also provide mitigation content to help address SIEM & EDR alerting gaps?

Yes, it provides ready to apply correlation rules for the IBM QRadar and Splunk SIEM platforms and for the VMware Carbon Black EDR platform.

What SIEM Platforms does Detection Analytics currently support?

IBM QRadar and Splunk


How does Breach and Attack Simulation Work?

Designed to identify gaps in security controls and offer mitigation options, BAS delivers on these promises with a four-step approach.

Step 1 – Deployment

The BAS software can be installed and configured in hours, and your users start receiving results within minutes, so you can increase the efficiency of your existing security infrastructure before investing in a new one.

Step 2 – Assessment

BAS fills the gaps that pen-test, vulnerability management and policy management solutions cannot address and allows you to take action in minutes with mitigation guidance a click away.

Step 3 – Measure

Interactive dashboards capture the overall picture of your security controls with objective metrics and list the gaps revealed, empowering your staff to act and protect your network.

Step 4 – Mitigate

Apply vendor-specific remediation signatures for the gaps revealed during the assessments and work through them from an actionable, prioritised list.

BAS gives you the space to run risk free assessments in a production environment with an easily deployable solution. It focuses on security controls and increasing the efficiency of your existing security infrastructure through continuous validation.

How do Sigma Rules Work with Breach and Attack Simulation?

Today’s organisations suffer from lack of visibility and timely detection of security threats. Many implement SIEM technologies to centralise security logs and to improve detection capabilities in their infrastructure. With Sigma rules, SIEMs can achieve improved detection and correlation capabilities within an adversary threat context.

The cyber security industry shares threat context and adversary information using a common framework such as MITRE ATT&CK. A common framework provides a channel to share information, but without a common language and structure for detection logic there has been no direct way to turn that information into SIEM detections.

Sigma is an open standard that defines a generic signature format for SIEM systems. The common analogy is that Sigma is for log files what Snort is for network IDS and what YARA is for file-based malware detection.

Using Sigma rules for SIEMs improves incident detection with threat context, reduces the in-house expertise and effort required, and reduces “vendor lock-in” for detection signatures: a rule is written once and converted to each SIEM’s native query language, and you benefit from community-maintained rules.

Mitigation guidance is now extended with Sigma rules (where applicable) to optimise the detection capabilities of organisations. For each endpoint attack that cannot be prevented by endpoint controls, our solution now provides Sigma rules covering the actions performed in that endpoint scenario.

If the Sigma rules are applied, adversary activity that cannot be stopped by current endpoint controls can be detected in a straightforward way. Sigma gives enterprises a practical way to equip their SIEM for better threat detection and visibility.
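As an added example (not code from the article, Pentesec or any BAS vendor), the block below shows the two mechanisms described above working together: a minimal evaluator for Sigma-style rules (selection maps with `contains`/`endswith` modifiers and a `condition`), and the Detection Analytics style gap check that compares what a set of emulations should have produced in the SIEM with what actually arrived, classifying each ATT&CK technique as prevented, alerted, logged-only or unlogged. The rules, the SIEM events and the emulation results are all constructed for the example; the `run_id` field used to correlate events with emulations, the `sccm_client.exe` parent used in the filter, and the hypothetical unforwarded host are assumptions of the example, not features of any product named on the page.

```python
"""Sigma-style rule matching plus a BAS detection-gap check (added example)."""
from dataclasses import dataclass

# Hypothetical Sigma rules as the Python equivalent of their YAML. They follow
# the public Sigma layout but are not rules shipped by any product named here.
RULES = [
    {"title": "Encoded PowerShell Command Line",
     "logsource": {"category": "process_creation", "product": "windows"},
     "detection": {
         "selection": {"Image|endswith": "\\powershell.exe",
                       "CommandLine|contains": ["-enc ", "-encodedcommand"]},
         "filter": {"ParentImage|endswith": "\\sccm_client.exe"},  # assumed benign parent
         "condition": "selection and not filter"},
     "tags": ["attack.execution", "attack.t1059.001"]},
    {"title": "Certutil Remote Download",
     "logsource": {"category": "process_creation", "product": "windows"},
     "detection": {"selection": {"Image|endswith": "\\certutil.exe",
                                 "CommandLine|contains": "urlcache"},
                   "condition": "selection"},
     "tags": ["attack.command_and_control", "attack.t1105"]},
]

def _field_matches(event: dict, spec: str, expected) -> bool:
    """One 'field|modifier: value(s)' entry; a list is OR-ed, matching is case-insensitive."""
    name, _, modifier = spec.partition("|")
    value = str(event.get(name, "")).lower()
    for cand in (expected if isinstance(expected, list) else [expected]):
        cand = str(cand).lower()
        if (modifier == "contains" and cand in value
                or modifier == "endswith" and value.endswith(cand)
                or modifier == "" and value == cand):
            return True
    return False

def _condition_holds(condition: str, results: dict) -> bool:
    """Supports 'a and not b ...' (full Sigma also has 'or', brackets, '1 of')."""
    for term in condition.split(" and "):
        negated = term.startswith("not ")
        if results[term[4:] if negated else term] == negated:
            return False
    return True

def rule_matches(rule: dict, event: dict) -> bool:
    """Logsource must match; fields inside one selection are AND-ed, as in Sigma."""
    if any(event.get(k) != v for k, v in rule["logsource"].items()):
        return False
    det = rule["detection"]
    results = {name: all(_field_matches(event, spec, exp) for spec, exp in sel.items())
               for name, sel in det.items() if name != "condition"}
    return _condition_holds(det["condition"], results)

@dataclass
class Emulation:
    run_id: str
    technique: str   # ATT&CK technique ID of the emulated scenario
    prevented: bool  # reported by the control on the assessment path

# Constructed SIEM content. Events carry run_id so the check can tie them to the
# emulation that produced them (a simplification of this example).
SIEM_EVENTS = [
    {"run_id": "r1", "category": "process_creation", "product": "windows",
     "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "ParentImage": "C:\\Windows\\explorer.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA..."},
    {"run_id": "r2", "category": "process_creation", "product": "windows",
     "Image": "C:\\Windows\\System32\\rundll32.exe",
     "CommandLine": "rundll32.exe C:\\Windows\\System32\\comsvcs.dll, MiniDump ..."},
]
EMULATIONS = [
    Emulation("r1", "T1059.001", prevented=False),  # encoded PowerShell
    Emulation("r2", "T1003.001", prevented=False),  # LSASS memory dump
    Emulation("r3", "T1105", prevented=False),      # certutil download; host logs not forwarded
    Emulation("r4", "T1566.001", prevented=True),   # macro attachment blocked at the gateway
]

def classify(emulation: Emulation, siem_events=SIEM_EVENTS, rules=RULES) -> str:
    """prevented / alerted / logged / unlogged, as Detection Analytics distinguishes them."""
    if emulation.prevented:
        return "prevented"
    events = [e for e in siem_events if e.get("run_id") == emulation.run_id]
    if not events:
        return "unlogged"  # no telemetry reached the SIEM; a rule cannot help yet
    if any(rule_matches(r, e) for r in rules for e in events):
        return "alerted"
    return "logged"        # telemetry exists but no correlation rule fires on it

def suggested_action(technique: str, status: str, rules=RULES) -> str:
    """Separate logging gaps from rule gaps, using the rules' ATT&CK tags."""
    covered = any(f"attack.{technique.lower()}" in r["tags"] for r in rules)
    if status == "unlogged":
        return "fix log forwarding" + ("" if covered else " and add a rule")
    if status == "logged":
        return "tune the existing rule" if covered else "add a correlation rule"
    return "none"

def gap_report(emulations=EMULATIONS, siem_events=SIEM_EVENTS, rules=RULES) -> dict:
    """{technique: (status, action)} for every emulated scenario."""
    statuses = {em.technique: classify(em, siem_events, rules) for em in emulations}
    return {t: (s, suggested_action(t, s, rules)) for t, s in statuses.items()}
```

Running `gap_report()` on the constructed data gives T1059.001 as alerted, T1003.001 as logged (telemetry present, no rule covers it), T1105 as unlogged even though a matching rule exists (the fix is log forwarding, not another rule) and T1566.001 as prevented. That split between a logging gap and a rule gap is the point of comparing expected against available logs before looking at alerts.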

Integrated Security Solutions and Partnerships

With a large technology alliance ecosystem BAS integrates with vendors like Check Point and F5 to provide continuous security enhancement for end-users.

Using emerging threat samples in production environments, Continuous Security Validation and Breach and Attack Simulation enhance your security posture to help you get the most out of your investments.

BAS reduces the risk of breaches and non-compliance, lowers operating costs by optimising processes and people and lowers cap-ex costs by guiding cyber security investment decisions.