Jason Lackey
Solutions Marketing

What is Breach and Attack Simulation?

February 25, 2020 by Jason Lackey

What is Breach and Attack Simulation?

Gratuitious plug - Keysight's Breach and Attack Simulation offering - Threat Simulator
Keysight's Breach and Attack Simulation offering - Threat Simulator

Breach and Attach Simulation, BAS, is an approach to IT security where an automated system continuously probes an organization’s network, looking for vulnerabilities. One way of thinking is that Breach and Attack Simulation can be said to be akin to a virtual or automated red team. Additionally, most agree that the best solutions not only assess or measure your security posture, but also provide some sort of recommendations for remediation.

How is Breach and Attack Simulation Different from Pen testing?

Breach and Attack Simulation offers a number of advantages over pen testing, but has limitations as well. In fact, it is probably best to look at the approaches as being complementary rather than competing. One key difference is that Breach and Attach Simulation, or BAS, offers predictable, programmatic repeatability. Scans and checks are performed in a predictable, repeatable way. A human red team, in contrast, is not going to be so deterministically repeatable. Asked to test the same environment again, a human pen tester will eventually do something different from the first time.

A pen test is also akin to a snapshot in time – it reveals the state of affairs that existed at one time, while Breach and Attack Simulation is intended to be deployed in a mode where security validation is continual and ongoing.

There is also the matter of cost – it is expensive to have a red team. While there is no doubt about the utility of having skilled hackers on staff, in the real world there are significant limitations at the budgetary layer of the OSI model that may prevent smaller or less generously funded shops from employing their own red team.

Why Would an Organization Deploy Breach and Attack Simulation?

There are a number of reasons why an organization might want to explore deploying breach and attack simulation.

More effective security – it is said that you can’t manage that which you can’t measure and one of the few ways you can measure the effectiveness of your security infrastructure is by using a good Breach and Attack Simulation platforms.

Ongoing security – just like a pen test is a frozen snapshot in time, BAS provides a continual, ongoing view of what’s happening on your network.

Better bang for the buck – most organizations are already heavily invested in infosec in one way or another. NGFW, IPS and WAF, as examples, are rarely cheap and need attention from skilled tenders. Operationally, one of the things that often happens is that changes intended to be one-off, temporary efforts (“Hey bro, can you open up SMB to the DMZ for me real quick? Just need to touch this one box then you can shut it back down…”) end up being more permanent than anyone intended. People get busy, fire drills happen, people forget and ports get left open. BAS will tend to catch things like that while a one-time pen test…is just that, one time.

Anyway, there are a lot more things to be said about Breach and Attach Simulation and ways that deterministic, automated test and validation can bring goodness and light to your security efforts, but we will save some of those for a later day.

In the meantime, I invite you to check out our latest and greatest product, Keysight Threat Simulator.

Thanks for reading.