The Breach and Attack Simulation (BAS) module allows users to simulate cyber-attack scenarios on their network to assess the effectiveness of their security posture. The module provides a comprehensive list of more than 1500 attack use cases, enabling users to prepare and respond to various threat vectors.
Starting with BAS
Upon entering the BAS module, users are presented with a dashboard displaying their campaign list and respective statuses.
Dashboard Components:
- In-progress Campaigns: Shows ongoing campaigns with details such as completion percentage and scenarios in progress.
- Complete Campaigns: Lists campaigns that have been completed with statistics on success and failure rates.
- New Campaign Button: Initiates the creation of a new campaign.
Creating a Campaign
Creating a new campaign consists of several steps:
Step 1: Selecting Campaign Type
Users must select a predefined campaign template that matches common attack vectors or create a custom campaign.
Predefined Campaign Types:
- Ransomware: Simulate ransomware attacks to test resilience against encryption and ransom demands.
- Malware Family: Choose from specific malware families to test defenses against known attack patterns.
- APT Groups: Mimic advanced persistent threats to evaluate long-term security posture.
- DOS/DDOS: Assess the ability to respond to denial-of-service attacks.
- Custom: Design unique scenarios from a selection of over 1500 use cases.
You can preview templates within each Campaign Type by clicking on the “View Scenarios” button
Step 2: Scenario Selection
- Users can view and select specific scenarios to include in the campaign.
- Scenarios are detailed with the use case, tactics, and techniques applied.
Step 3: Configuration
- Set up test parameters such as source and destination IPs, ports, and user credentials.
- Customize the launch settings to target specific network segments or devices.
Step 4: Review & Launch
- Review all settings and scenarios chosen for the campaign.
- Validate configuration and launch the campaign.
Use Cases and Examples
Use Case 1: Ransomware Preparedness
- Objective: Assess the network’s defenses against ransomware attacks.
- Preparation: Select the “Ransomware” campaign type and choose scenarios that simulate ransomware behavior.
- Launch: Configure the campaign to target specific endpoints and initiate the simulation.
- Outcome: Review the success or failure of each scenario to gauge ransomware readiness.
Use Case 2: Defending Against APTs
- Objective: Understand how well the organization can withstand sophisticated APT tactics.
- Preparation: Choose the “APT Groups” template and select relevant APT scenarios.
- Launch: Set the simulation to mimic the behavior of known APTs and execute the campaign.
- Outcome: Analyze the campaign results to identify and strengthen weak points in the security framework.
Campaign Management
Monitoring Campaigns
- Users can monitor the progress of their campaigns in real-time from the dashboard.
- Adjust campaign parameters on-the-fly based on interim results.
