The Breach and Attack Simulation (BAS) module is an integral component of the threat intelligence platform that enables users to validate their organization’s security posture by simulating a range of cyberattack scenarios. Utilizing a repository of over 1500 attack use cases, the BAS module allows security teams to create, manage, and analyze the effectiveness of their security controls against known attack vectors.
Section 1: Breach Simulation
1.1 Total Scenarios Overview
This section provides a quick glance at the total number of breach scenarios, their detection rates, and a breakdown of scenarios detected by Security Information and Event Management (SIEM) systems and Blue Teams.
Features:
- Total Scenarios: Displays the number of simulated attack scenarios.
- Overall Detected by SIEM: Shows the percentage of scenarios detected by SIEM systems.
- Overall Detected by Blue Teams: Indicates the percentage of scenarios detected by the organization’s Blue Teams.
Use Case Examples:
- Reviewing the effectiveness of SIEM solutions and Blue Team responses.
- Identifying gaps in security posture and areas that require improvement or additional training.
1.2 Scenario Detection Details
Provides detailed insight into the breach scenarios, including the number of detected, not detected, and to-be-determined scenarios.
Features:
- Detected: Number of scenarios successfully detected by the security controls.
- Not Detected: Number of scenarios that went undetected, indicating potential vulnerabilities.
- To Be Determined: Scenarios that are currently being evaluated.
Use Case Examples:
- Evaluating the total number of undetected scenarios to prioritize security enhancements.
- Tracking improvements over time by comparing the number of detected scenarios in subsequent simulations.
Section 2: Security Score Graph
2.1 Security Performance Trends
A graphical representation of security performance over time, plotting the total number of scenarios against the number of detected scenarios.
Features:
- Scenarios vs. Detected Scenarios: Line graph comparing total scenarios against those detected over a selectable time frame (e.g., last 7 days, 30 days, 3 months).
- Data Range Selector: Allows users to adjust the displayed time range for a customized view.
Use Case Examples:
- Monitoring detection trends to assess whether security measures are improving over time.
- Identifying specific dates or periods with unusual activity, which could indicate security events or changes in the threat landscape.
Section 3: Campaigns and Launch Statistics
3.1 Campaigns Statistical Overview
Displays the statistics of the campaigns created within the BAS module.
Features:
- Total Campaigns: The total number of campaigns created.
- Campaign Status Distribution: A pie chart showing the percentage of campaigns completed, in progress, and not applicable (N/A).
Use Case Examples:
- Tracking the progress of ongoing security testing campaigns.
- Assessing the readiness and speed of campaign completion.
3.2 Launch Statistical Overview
Insight into the launches of the campaigns.
Features:
- Total Launch: The total number of campaign launches.
- Launch Status Distribution: A pie chart representing the completion status of the campaign launches.
Use Case Examples:
- Monitoring the number of active simulations to manage resource allocation.
- Ensuring that all campaigns are executed and completed as scheduled.
Section 4: Tactic Overview
4.1 Tactic Success Rates
Provides an overview of the different tactics used in the scenarios, along with their detection rates.
Features:
- Tactic Identification: Lists the tactics by their ID and name (e.g., TA0006 Credential Access).
- Success Rate: Shows the percentage of scenarios for each tactic that were successfully detected.
Use Case Examples:
- Identifying which tactics are consistently detected and which are more likely to evade current defenses.
- Prioritizing security improvements based on the tactics with lower detection rates.
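As an added illustration (not the platform's own code or export format), the sketch below derives the Section 1 counts and the Section 4 per-tactic rates from raw scenario results and lists the weakest tactics first. The tuple layout, function names, and the choice to leave To Be Determined scenarios out of the rate denominators are assumptions; the sample data is constructed.

```python
from collections import Counter, defaultdict

# Constructed sample data: (tactic, detected_by_siem, detected_by_blue_team).
# None means the scenario is still being evaluated ("To Be Determined").
RESULTS = [
    ("TA0006 Credential Access", True, True),
    ("TA0006 Credential Access", False, True),
    ("TA0006 Credential Access", False, False),
    ("TA0008 Lateral Movement", False, False),
    ("TA0008 Lateral Movement", True, False),
    ("TA0008 Lateral Movement", None, None),
    ("TA0010 Exfiltration", True, False),
    ("TA0010 Exfiltration", None, None),
    ("TA0001 Initial Access", None, None),
]

def status(siem, blue):
    """Map one scenario onto the Detected / Not Detected / To Be Determined buckets."""
    if siem is None or blue is None:
        return "tbd"
    return "detected" if (siem or blue) else "not_detected"

def pct(part, whole):
    """Percentage rounded to one decimal; None when nothing has been evaluated."""
    return round(100.0 * part / whole, 1) if whole else None

def summarize(results):
    """Section 1 figures. Assumption: rates are computed over evaluated scenarios only."""
    counts = Counter(status(s, b) for _, s, b in results)
    done = [(s, b) for _, s, b in results if status(s, b) != "tbd"]
    return {
        "total": len(results),
        "detected": counts["detected"],
        "not_detected": counts["not_detected"],
        "tbd": counts["tbd"],
        "siem_pct": pct(sum(1 for s, _ in done if s), len(done)),
        "blue_pct": pct(sum(1 for _, b in done if b), len(done)),
    }

def tactic_rates(results):
    """Section 4 rows (tactic, detection %, evaluated, tbd), lowest detection rate first."""
    per = defaultdict(Counter)
    for tactic, s, b in results:
        per[tactic][status(s, b)] += 1
    rows = []
    for tactic, c in per.items():
        evaluated = c["detected"] + c["not_detected"]
        rows.append((tactic, pct(c["detected"], evaluated), evaluated, c["tbd"]))
    # Tactics with no evaluated scenario have no rate and sort last.
    return sorted(rows, key=lambda r: (r[1] is None, r[1] or 0.0, r[0]))
```

Keeping the evaluated and pending counts next to each rate shows when a percentage rests on only one or two scenarios, or on none at all.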