Everything you need to know about breach and attack simulation

By: Jordan

24, September, 2019




Cyberattacks are no longer a distant threat. Organisations of every type are potential targets. Once successful, an attacker can commit all sorts of crimes, ranging from misuse of information to extortion of money. They can even carry out large-scale killings, as noted by security researchers Billy Rios and Jonathan Butts who, at the 2018 Black Hat cybersecurity conference, highlighted security vulnerabilities in Medtronic’s pacemakers that could potentially be exploited by hackers to make the implantable device malfunction. An attack of such a nature could prove fatal and have devastating consequences, something seriously scary to even imagine!

Enterprises are weighing the risks of cyberattacks and making efforts to prevent and combat them in their quest to survive and grow their business; however, despite the deployment of multiple security solutions and control measures, a considerable number of companies, even some major ones, have fallen prey to cyberattacks and lost a lot.

The fundamental question that remains even after deploying security solutions worth millions of dollars is whether those solutions offer the required level of security.

Companies today conduct security audits, vulnerability assessments, penetration testing, red team testing or threat hunting to detect vulnerabilities in their systems and avoid a possible cyber breach. But each of these methods has limitations that keep a company from finding one final, comprehensive solution to all its security-related concerns.

Breach and attack simulation (BAS), a new type of tool, can come to the rescue here.


Breach and Attack Simulation


BAS is an emerging technology that helps in testing a network’s cyber defences by running simulated attacks similar to the attacks executed by hackers. These simulated attacks can help in evaluating a company’s security systems and their prevention, detection and mitigation capabilities.

BAS tools run automated attacks, and the market currently offers a range of them. Some can run surprise mock attacks, while others conduct scheduled ones. Some also feature machine learning and artificial intelligence capabilities and can conduct sophisticated attacks to assess the state of a company’s cybersecurity infrastructure. As diverse as the available BAS tools are, most return reports quickly, with some taking just a couple of minutes to report on the simulated attacks carried out and their effects on the company’s cybersecurity systems.


Do You Feel You Should Adopt BAS Too?


As per Gartner, big companies have 30 to 70 security vendors. While this underscores the importance and seriousness of cybersecurity, it also highlights the complex environment that the companies have built with so many security systems in place. These security systems need continuous upgrades in order to tackle the new and advanced security threats, and these upgraded systems have to be tested regularly to see if they can even combat the potential cybersecurity threats. The most cost-effective way of conducting continuous testing of the new and upgraded cybersecurity systems could be BAS tools.

Other cybersecurity testing approaches, including penetration testing, need the intervention of human experts. Although human experts can be more creative and clever in devising a simulated breach, thinking much like the cybercriminals on the other side, they cannot carry out testing as frequently as automated BAS tools. Moreover, human experts are costly, and not all companies can afford to engage them frequently for cybersecurity testing.

BAS can also prove to be of much help in the current environment, where enterprise networks are constantly evolving and expanding due to the rise of IoT and cloud computing. Companies have not only expanded their reach beyond their domestic markets but are also expanding their networks by allowing more internet-enabled mobile devices to connect through offsite working or the Bring Your Own Device (BYOD) model. This has made enterprise networks both more complex and more vulnerable.

In such a scenario, regular, systematic and consistent testing and monitoring of security controls and systems is essential for the companies to evade cybersecurity breaches, and BAS tools are slowly proving their worth in this regard. The technology, however, will take some more years to become a mainstream cybersecurity solution. The presently available iterations of BAS tools do not offer a comprehensive solution but are rather meant for different purposes. Some are aimed at simulating attacks that can breach network defences, while some are more advanced and can also measure the exploitation stage and post-exploitation stage responses of a company during a cyberattack.


BAS tools are capable of simulating data exfiltration, a cyberattack on the company’s web application firewall, a phishing attack on an organisation’s email systems, a malware attack on an endpoint or even lateral movement within networks. This suggests that BAS tools can execute a diverse range of breach and attack simulations, highlighting the vulnerabilities in a company’s security system and helping it prepare better to make its defences immutable. Furthermore, many of the tools can run 24×7, offering immediate notifications upon any change in the network that could result in a vulnerability that puts the company’s network at risk.


A large-scale application of BAS technology will be undertaken by the Group of Seven nations (G7) in June 2019. As part of the exercise, organised by the Bank of France, a cross-border cybersecurity attack will be simulated on the financial sector across the G7 nations, including Japan, Italy, France and Germany, to understand the cross-border impacts of such an attack. The three-day simulation will study the effect of a malware infection on a technical component that is widely used in the financial sector. Twenty-four financial authorities, including finance ministries, market authorities and central banks from the seven nations, will be part of this exercise. This will be a first-of-its-kind cross-border exercise.


Disadvantages of Breach and Attack Simulation Technology


  • BAS technology is still in its nascent stage. The existing automated BAS tools can run simulations of known attacks and threats, and have yet to evolve and leverage new technologies like AI, deep learning, big data and machine learning to improve their performance to the point where they can match the creativity and ingenuity of hackers and their new and sophisticated attacks.


  • BAS tools and their frequent tests, including surprise attack simulations, can increase the number of security alerts that already overworked security personnel are dealing with. This can make it difficult for them to differentiate very important alerts from the ones that are generated by BAS tests and can be ignored safely.


  • The generated alerts can overload IT security professionals, and the responsive actions triggered by the simulated attacks can take production systems offline or slow down operations.
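One way to reduce the alert-separation problem from the second point above, shown as an added example that is not part of the original article or any vendor's product: label each alert against a manifest of declared simulation runs instead of discarding it, so analysts can tell test noise from real activity and see which simulations triggered no alert at all. The manifest format, field names, host names and the five-minute grace window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

GRACE = timedelta(minutes=5)  # assumed allowance for alert pipeline delay

# Constructed sample data: run manifest exported from a hypothetical BAS tool.
RUNS = [
    {"run_id": "sim-001", "agent": "bas-agent-01", "technique": "data exfiltration",
     "start": datetime(2019, 9, 24, 10, 0), "end": datetime(2019, 9, 24, 10, 15)},
    {"run_id": "sim-002", "agent": "bas-agent-01", "technique": "lateral movement",
     "start": datetime(2019, 9, 24, 14, 0), "end": datetime(2019, 9, 24, 14, 10)},
]

# Constructed sample alerts as they might arrive in the SOC queue.
ALERTS = [
    {"id": 1, "host": "bas-agent-01", "time": datetime(2019, 9, 24, 10, 4)},
    {"id": 2, "host": "hr-laptop-17", "time": datetime(2019, 9, 24, 10, 6)},
    {"id": 3, "host": "bas-agent-01", "time": datetime(2019, 9, 24, 22, 30)},
]

def match_run(alert, runs):
    """Return the declared run that explains this alert, or None."""
    for run in runs:
        if (alert["host"] == run["agent"]
                and run["start"] <= alert["time"] <= run["end"] + GRACE):
            return run
    return None

def label_alerts(alerts, runs):
    """Tag alerts; nothing is dropped, so real alerts are never hidden."""
    agents = {r["agent"] for r in runs}
    labels = {}
    for a in alerts:
        run = match_run(a, runs)
        if run:
            labels[a["id"]] = "simulation:" + run["run_id"]
        elif a["host"] in agents:
            # Simulator host active outside any declared run: do not ignore.
            labels[a["id"]] = "escalate"
        else:
            labels[a["id"]] = "triage"
    return labels

def undetected_runs(alerts, runs):
    """Runs that produced no alert: a detection gap the test exposed."""
    hit = {m["run_id"] for m in (match_run(a, runs) for a in alerts) if m}
    return [r["run_id"] for r in runs if r["run_id"] not in hit]
```

An alert is labelled as simulation traffic only when both the source host and the time window match a declared run; an alert from the simulator host at any other time is escalated rather than ignored.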


Future of BAS


While the market for automated breach simulation tools is still evolving, it is safe to say that BAS is different from other available security testing solutions in the market. The technology’s capability to run continuous tests at limited risk and help companies find vulnerabilities in their cybersecurity infrastructure will only drive its adoption by more and more companies in the future as the threat landscape evolves.