What is Breach and Attack Simulation (BAS)?

Explaining the latest security tool helping organisations identify and rectify vulnerabilities in their cyber defences

As organisations try and stay one step ahead of cyber criminals, Breach and Attack Simulations (BAS) are growing in popularity as a way of testing cyber resilience. The technology is used to automatically spot weaknesses in an organisation’s cyber security, a little like automated, ongoing penetration testing.

The global BAS market is expected to reach $1.68 billion by 2027 - a 37.8% growth from 2018’s figures - primarily driven by demand for prioritising security investments as vulnerability management grows ever more complicated.

Advertisement - Article continues below

Furthermore, Breach and Attack Simulation technologies were highlighted as one of the top solutions for CISOs to consider in a recent report from Gartner, because of its effectiveness at testing against known threats.

But just what are Breach and Attack Simulations, and how are they being used by businesses?

Related Resource

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now

The different types of Breach and Attack Simulations

BAS is an emerging technology that runs simulated automated attacks, mimicking the attacks likely to be deployed by cyber criminals. These ‘pretend’ attacks can help a company identify potential vulnerabilities in security systems, as well as test out the detection and prevention capabilities.

According to Cymulate, BAS technologies fall into three main categories, depending on the approach needed.

The first is agent-based vulnerability scanners. As opposed to using protocols like SSH to remotely access network devices, this method involves running agents directly on target devices themselves to test them for known vulnerabilities. These agents are deployed inside an organisation’s LAN  and distributed across a number of machines, with the goal being to map out the potential routes an attacker could take to move through the network.

The second type of BAS tests the organisation’s security by generating ‘malicious’ traffic inside the internal network. Virtual machines are set up inside the network which act as targets for the test, using a database of attack scenarios. The BAS sends attacks between these machines, then checks that the organisation’s security solutions are able to detect and block the traffic.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The third category consists of multi-vector simulated attacks, and are the most advanced and true-to-life type of simulation that can be deployed. This ‘black box’ approach puts a lightweight agent on a workstation within the network. Usually cloud-based, the assessments utilise distinct types of attack tactics to try and bypass the security in place, both internally and externally to the organisation’s LAN.

Pros and cons of Breach and Attack Simulations

One major benefit of BAS is the automation aspect. Having tests scheduled and frequently carried out automatically by a tool means that potential weaknesses can be spotted and dealt with quickly, compared to one-off tests where staff may be more alert to issues.

Automated tests can be particularly useful in larger organisations where networks are constantly changing, especially if new tools are being deployed, software is updated, or operations expand into new locations. Regular tests can identify issues with complex networks quickly and efficiently, and some BAS technologies can be set up to run constantly, meaning that vulnerabilities can be spotted almost instantly.

Related Resource

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now

However, human cyber experts are usually much more creative in how they deploy attacks. BAS is limited in what it can test, and can only run known attack simulations. This is why penetration testing - a simulated attack run by highly trained security professionals to probe business systems for vulnerabilities - may uncover different problems compared to BAS.

Advertisement - Article continues below

There is also a danger that IT teams can end up overloaded with notifications on an ongoing basis with BAS, especially if there is no easy way to differentiate routine issues from important alerts.

As with many security tools, Breach and Attack Simulation is not a comprehensive solution, and different tools have different purposes depending on how they are deployed. However, as part of a comprehensive cyber security strategy, BAS can play a valuable role, particularly as the technology matures and BAS providers continue to evolve their offerings.

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement
Advertisement

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020