Where Does Breach and Attack Simulation Come From?

By Jeff Broth

Over the past decade, the fields of cybersecurity and hacking have developed at incredible rates, much in response to one another. Whenever there is a major breakthrough within hacking communities that starts to show up around the world, it is similarly defended against, with the world’s cybersecurity network finding, fixing, and then documenting them.

This documentation is universally kept in the MITRE Attack Framework, which is a huge repository of different breaches that have been found, with documentation about how to defend against them happening to your own company. From this framework, cybersecurity experts have begun to develop a range of different strategies to ensure their companies are protected.

One of the most common forms of attack prevention work is running Breach and Attack Simulations within a company. These are automated responses where a computer will move through all the currently known potential exploits and hacking avenues of entry, ensuring that a company has sufficient defenses in each of these areas.

As this is a manual process, breach and attack simulations can continuously work in the background, helping a company to improve their overall cybersecurity by finding weak points in their own systems. If any critical points are encountered by the Breach and Attack Simulation, then a cybersecurity expert will work on crafting a fix.

In this article, we’ll be moving through all the core information about how Breach and Attack Simulation works, demonstrating where they came from and why they’re so useful for modern cybersecurity practices. Let’s get to it.

Where Does Breach and Attack Come From?

With cybercrime costing small and medium businesses over $2.2 million USD every single year and 66% of businesses stating that they actively worry about cyberattacks, it’s no wonder that the field of cybersecurity has flourished in the last decade. 

Out of the increasing likelihood of a cyberattack and the developing field itself, more and more businesses have begun to employ teams that help them improve their cybersecurity. As an attack can occur at any time, companies want to check all of their attack surfaces as quickly as possible, meaning that a teamwork approach to cybersecurity is always best.

A whole practice evolved from this teamwork, which is known as Red and Blue Teaming. This strategy is where a team of cybersecurity experts is split into two groups, the blue team and the red team, each with different tasks. On a given day, this Red and Blue Team event will occur in a company, with each team having a different objective for the day.

  • Red Team – The Red Team will be the attackers for the day. Using the MITRE Framework, they will move through all the most common methods that attackers normally use to break into a company’s security system. From there, they will attempt to break into the system, working through the platform and trying out different points of entry. Their main goal is to find entry into the system, pretending to be hackers with malicious intentions.
  • Blue Team – Alternatively, the Blue Team will act as the defenders for the day. They will respond to the threat created by the Red Team, attempting to monitor their systems, find the point of entry that the Red Team is attempting to access, and then block them off. The Blue Team will have to defend the system, using this exercise as practice for when a real security threat event occurs.

From this exercise, the Blue Team gains experience in how to manage the pressure of a cybersecurity threat, as well as the best practices that they can use to secure their systems. Simultaneously, the Red Team will be able to find weak points in their company’s system, which they can then use over the coming days or weeks as points of investigation. This exercise will form the basis for improving the overall health of their system.

This exercise is the principle of Breach and Attack Simulation came from, with the teams simulating attacking and defending in order to learn more about how to protect their own platform. There are two important aspects to consider before launching this breach and attack simulation exercise:

  • Off-Limit Content – While the whole point of the exercise is to break into your own company’s systems, there should be a general idea of what documents or files (if any) are off-limits to the exercise. This doesn’t mean you shouldn’t test their cybersecurity defenses, but you should ensure that employees that don’t have access to certain information won’t be able to access it during the exercise.
  • Documentation is Key – Every single process within the BAS teaming simulation should be documented. Each access point, every process, or specific action that was taken should be written down, so it can be consulted at a later point.

This is the origin of the breach and attack simulation, but it has developed over the past few years. 

The Movement To Automation

One of the core problems with the manual Red and Blue Teams’ BAS exercise was that it was incredibly time-consuming and resource-intensive. Not only would this take at least one full day, but it would be a demanding day that required a lot of employees to effectively run.

Due to this, the last few years have seen companies begin to turn to automatic Breach and Simulation tools. These machines will directly run a BAS process, automatically performing both the Red and Blue Team duties. From this, companies can automatically run this process around the clock, not nearly taking up as many resources while having the same responses.

Companies can run their Breach and Attack Simulation, then feed any weak points or changes that were encountered directly to their team of modification. This has been a sweeping change within the industry, with the vast majority of companies now using automatic Breach and Attack Simulation platforms.

Over the next few years, we’re likely to see the BAS systems develop even further, pushing the bounds of what cybersecurity sees as the capabilities of defense tool systems.

Jeff Broth is a business writer and advisor, covering finance, cyber, and emerging fintech trends. He has consulted for SMB owners and entrepreneurs for eight years.



Follow Brilliance Security Magazine on Twitter and LinkedIn to ensure you receive alerts for the most up-to-date security and cybersecurity news and information.