Breach and Attack Simulations: How to Find the Gaps in Your Cyber Defenses

You probably already have blue/red team and pen testing set up. Now that the BAS market has matured, is it time to look at automating some of that effort?

[…] Here are several ways BAS tests the various attack vectors and the solutions that protect them:

  • Test Your Email Defenses. The breach and attack simulation platform sends a variety of messages to your email service that contain different types of infected file attachments (such as malware, ransomware, worms, and other payloads). This can test email filters, antivirus software, and sanitization solutions.
  • Identify Gaps in Your Browser and Website Defenses. The platform connects to dummy websites and pages containing malicious forms and scripts via HTTP/HTTPS protocols. The tests can check what pages make it past internet security filters and if endpoint protection can prevent malicious files from being successfully downloaded by the browser.
  • Check the Strength of Your Firewall(s). The platform can attack a specific URL (such as your company’s web portal or application) to find ways to circumvent the firewall that protects it. It tests whether the firewall can deter incoming malicious traffic. To take these attacks to the next level, BAS can also attempt to mine sensitive information and carry out cross-site scripting (XSS) and injection attacks to breach the firewall.
  • Test Common Social Engineering Tactics. BAS can launch dummy phishing campaigns on your own email systems to emulate social engineering attacks. Phishing emails, which can be customized for authenticity, are sent to real users within your organization. The test checks if users will actually click on malicious links. This helps you to identify which staff members need more training in social engineering awareness.
  • Test the Effectiveness of Endpoint Security Solutions. BAS platforms can check if malware — including viruses, ransomware, spyware, and worms — is able to exist and execute on workstations. They can also test and map out how malware can spread across your devices. This allows you to verify whether your solutions can detect and prevent the spread of malware within your network.
  • Identify Potential Network Attack Vectors. BAS can also simulate scenarios in which an attacker successfully breaches your network. This simulation helps you see whether an attacker can move laterally across devices using exploits, privilege escalation, and pass the hash validation requirements. The platform can also test if data can be exfiltrated and sent to a destination outside the network.

Some BAS technologies draw from knowledge bases like MITRE ATT&CK as references to the many possible tactics and techniques that hackers can employ. This makes the simulated attacks as realistic as possible.


Original article here