What is Breach and Attack Simulation (BAS)?

Explaining the latest security tool helping organisations identify and rectify vulnerabilities in their cyber defences

As organisations try and stay one step ahead of cyber criminals, Breach and Attack Simulations (BAS) are growing in popularity as a way of testing cyber resilience. The technology is used to automatically spot weaknesses in an organisation’s cyber security, a little like automated, ongoing penetration testing.

The global BAS market is expected to reach $1.68 billion by 2027 - a 37.8% growth from 2018’s figures - primarily driven by demand for prioritising security investments as vulnerability management grows ever more complicated.

Furthermore, Breach and Attack Simulation technologies were highlighted as one of the top solutions for CISOs to consider in a recent report from Gartner, because of its effectiveness at testing against known threats.

But just what are Breach and Attack Simulations, and how are they being used by businesses?

Related Resource

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now

The different types of Breach and Attack Simulations

BAS is an emerging technology that runs simulated automated attacks, mimicking the attacks likely to be deployed by cyber criminals. These ‘pretend’ attacks can help a company identify potential vulnerabilities in security systems, as well as test out the detection and prevention capabilities.

According to Cymulate, BAS technologies fall into three main categories, depending on the approach needed.

The first is agent-based vulnerability scanners. As opposed to using protocols like SSH to remotely access network devices, this method involves running agents directly on target devices themselves to test them for known vulnerabilities. These agents are deployed inside an organisation’s LAN  and distributed across a number of machines, with the goal being to map out the potential routes an attacker could take to move through the network.

The second type of BAS tests the organisation’s security by generating ‘malicious’ traffic inside the internal network. Virtual machines are set up inside the network which act as targets for the test, using a database of attack scenarios. The BAS sends attacks between these machines, then checks that the organisation’s security solutions are able to detect and block the traffic.

The third category consists of multi-vector simulated attacks, and are the most advanced and true-to-life type of simulation that can be deployed. This ‘black box’ approach puts a lightweight agent on a workstation within the network. Usually cloud-based, the assessments utilise distinct types of attack tactics to try and bypass the security in place, both internally and externally to the organisation’s LAN.

Pros and cons of Breach and Attack Simulations

One major benefit of BAS is the automation aspect. Having tests scheduled and frequently carried out automatically by a tool means that potential weaknesses can be spotted and dealt with quickly, compared to one-off tests where staff may be more alert to issues.

Automated tests can be particularly useful in larger organisations where networks are constantly changing, especially if new tools are being deployed, software is updated, or operations expand into new locations. Regular tests can identify issues with complex networks quickly and efficiently, and some BAS technologies can be set up to run constantly, meaning that vulnerabilities can be spotted almost instantly.

Related Resource

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now

However, human cyber experts are usually much more creative in how they deploy attacks. BAS is limited in what it can test, and can only run known attack simulations. This is why penetration testing - a simulated attack run by highly trained security professionals to probe business systems for vulnerabilities - may uncover different problems compared to BAS.

There is also a danger that IT teams can end up overloaded with notifications on an ongoing basis with BAS, especially if there is no easy way to differentiate routine issues from important alerts.

As with many security tools, Breach and Attack Simulation is not a comprehensive solution, and different tools have different purposes depending on how they are deployed. However, as part of a comprehensive cyber security strategy, BAS can play a valuable role, particularly as the technology matures and BAS providers continue to evolve their offerings.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Most Popular

The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020