Automated breach simulation – a growing market segment

Organizations are investing a significant amount of time and resources in building, implementing,
improving, and measuring security controls. Breach simulation systems greatly facilitate this process, which until now was performed mostly by manual means (PT).

Gartner estimated that global spending on information security rose well above $80 billion by the end of 2016. Until the end of 2020, the highest growth is expected to come from security testing, IT outsourcing and data loss prevention (DLP).
But many professionals feel that the technology sprawl is hampering their efficiency more than it is helping them. The problem isn’t a lack of tools; it’s that the industry is over-investing in a diversity of complex and unwieldy solutions.

A typical medium-large organization invests in at least 35 different security technologies and hundreds of devices which are potentially effective but are trapped in silos that
limit their capabilities.

What are breach simulation technologies?

A secure network architecture should follow a defense-in-depth philosophy and be designed with
multiple layers of preventive controls. While preventive controls are ideal, detective controls are a must.
There is no way to prevent every attack, and sometimes preventive controls fail. Even though a firewall
prevents certain traffic from entering the network, unauthorized traffic that manages to subvert
these preventive controls will go unidentified unless logs are collected and reviewed in order to
detect an attack. For this reason, it is essential that a comprehensive defense-in-depth architecture
include detective controls designed to monitor and alert on anomalous activity.
Detecting intrusions into a network is not accomplished by deploying a single piece of technology.
Establishing a well-defined breach and attack simulation exercise program gives organizations the
ability to identify malicious or anomalous traffic on the network and determine how the analyst should
respond to this kind of traffic (Critical Security Control: 20). When performing this kind of test, it is
important to create traffic which mimics current attack methods.

New services have emerged that help organizations do just that: assess the effectiveness of
security procedures, infrastructure, vulnerabilities, and techniques by using a breach and attack simulation
platform. Such simulations test your organization's vulnerability to, for example, ransomware attacks,
(spear) phishing and whaling attacks, or users clicking on malicious banners and links on websites.

These platforms allow organizations to run continuous, on-demand cybersecurity simulations at any
time without affecting their systems. Delivered as Software-as-a-Service (SaaS), a breach and attack platform
simulates multi-vector, internal or external attacks by targeting the latest vulnerabilities, including those
that are in the wild. These simulated attacks expose vulnerability gaps, allowing the organization to
determine whether its security architecture provides the right protection and whether its configurations are properly
implemented. Overall, breach and attack simulation platforms have become a powerful tool in the
arsenal of the organization’s security team.


Security testing techniques, tools, and service offerings from vendors

Other than established, cross-solution vendors such as Rapid7 and Qualys, the following
emerging vendors offer notable services in the breach simulation category:

  • AttackIQ
  • Cronus
  • Cymulate
  • eSecureVisio
  • SafeBreach
  • Mazebolt
  • ThreatCare
  • Whitehax
  • Verodin
