Going beyond pentesting: Understanding breach attack simulations

So you've set up comprehensive audit policies that will effectively help you stay on top of your network activity. You've also set up security controls such as automated workflows that are executed when a particular incident occurs. What next? Well, before you actually wait for an attack on your network, there's something you should be doing. You need to test the effectiveness of the controls you set up. Can your incident response handle external threats and generate the outcomes you were aiming for when you set up your security plans. Testing security controls is nothing new to organizations that have been around for a while and understand their organization's security needs. Organizations either have their own team of pentesters who evaluate the quality of the security controls. While this is a good effort at keeping the network clean, manual pentesting is a resource intensive process, that is time consuming and is setback by the fact that there is a global shortage of skilled cybersecurity personnel. Added to this, pentesting is conducted periodically and not continuously.

The above issues related to pentesting have given way to a growing demand for an automated attack simulation with the added benefit of continuous testing and remediation. Organizations are seeing the benefit of opting for breach and attack simulation (BAS) tools that can imitate actual attacks to check if the security controls can handle the heat.

A BAS platform works in conjunction with the TTPs described in the ATT&CK framework and enables your organization to routinely simulate the attacks that are most likely to threaten you. Introducing a BAS solution into your security program will lead to gradual creation of a purple team- new structure of security teaming, where the red and blue teams work together collaboratively to align their security roles and tasks. This is an alternative approach to the existing siloed security management and boosts communications between offensive and defensive security teams and fully leverages the skillsets of both.

Red and blue teams can work together to

• Create the testing regimen
• Collaborate to identify security control loopholes
• Strategize mitigation measures
• Remediate existing security controls and re-evaluate them for effectiveness.

How BAS solutions can help boost security posture?

• BAS tools can run non-malicious attack codes against your network's security controls and check if your controls can withstand an actual attack. The tools can simulate attacks against your endpoints and check for lateral movement of malware and other APTs through the network.
• While normal pentesting is more of a periodical affair where an organization's red team will simulate attacks, or will hire services of ethical hackers to pentest the network, breach and attack simulation tools check the network continuously. This prevents the lurking around of threat actors on the network since loopholes in your security controls are being checked and remedied constantly.
• The use of a BAS solution does away mostly with security relying on human skill. With the cybersecurity domain facing a skill shortage, skilled personnel are hard to come by and organizations with a smaller budget might not be able to afford to pay competitively. BAS tools can help organizations focus their security expenditure on a more accurate way of testing and checking security controls to keep their network safe.
• Several SIEM solutions are quickly integrating with BAS vendors to launch add-on apps that can allow the SIEM vendor's subscribers to validate their SIEM integrations with their security controls. These BAS integrations also allow SIEM users to evaluate their firewalls, web gateways, IPS/IDS systems and check if their detection mechanisms are effective against these simulations.
• BAS integrations can also enhance an organization's SOAR capabilities. The results from the simulations can influence how you want your incident response workflows to work.

Overall not only can BAS solutions provide a more accurate and effective way for organizations to understand and improve their security posture, it can also amalgamate defensive and offensive security to form an airtight layer that is more attack-proof.