Top 5 BAS Services You Need to Know About
Breach & Attack Simulation (BAS) tools are an emerging category of security products that test a network’s defenses by simulating cyber attacks.
According to Gartner, BAS tools “simulate a broad range of malicious activities (including attacks that would circumvent their current controls), enabling customers to determine the current state of their security posture.”
Crucially, BAS technology provides a company with actionable visibility into its cyber posture while automating and improving its consistency. While BAS tools don’t replace penetration testing, they are often a more cost-effective and expansive solution.
BAS solutions vary widely, especially regarding the degree of customization, the scope of their focus, and complexity of deployment. But, are they really that essential? Why?
BAS Tools Fill The Visibility Gap
The fundamental purpose of BAS tools is to answer the question: How well do your organization’s cyber security measures work in defending your network and assets?
As careful and experienced as your security team may be, security unknowns are sure to exist. In addition, the sheer volume of cyber security applications creates new security challenges; how has a change in one affected the operation of another? How has the addition or removal of a cyber security tool affected your security posture?
BAS tools fill this visibility gap. Ashley Arbuckle, Cisco’s VP Global Security Customer Experience describes the value of BAS tools, stating they “offer an efficient and consistent way to measure the effectiveness of existing security detection capabilities and operations.” And since BAS tools are automated, they provide cost-effective, continuous cyber attack simulation testing. Any change to your network and the BAS tool alerts you to new vulnerabilities.
Our Top 5 BAS Services
In no particular order…
- SafeBreach: SafeBreach is one of the earliest BAS providers, which means it offers one of the more mature options in this field. It has patented BAS technology that focuses its simulations on multiple attack vectors. SafeBreach allows for both network and cloud-based simulators. This deployment combination enables it to cover cloud, network, and endpoint security infrastructure. As such, its simulations result in detections across the entire kill-chain.
- Cymulate: Cymulate is a fairly new vendor that’s quickly gaining a solid reputation. Its focus is also on running simulations on multiple attack vectors. It provides broad coverage as opposed to digging deep into one attack vector and covers email gateways, web gateways, web application firewalls, endpoint security, full kill-chain APT, lateral movement (network), and data exfiltration (DLP). In addition to identifying security gaps, Cymulate also provides remediation insight and analysis. Simulations can run with or without an agent.
- Verodin: Verodin is another early entrant in BAS technology. It integrates with a variety of leading security vendors. Thus, it’s one of the few vendors to support detection testing through integration with other cyber security products like firewalls and data exfiltration. Its central approach is to provide data-based evidence that businesses can use to refine their security position.
- XM Cyber: XM Cyber is a specialist in simulating APT attacks. It automates both attack simulations and defense processes in a purple team approach, providing you with a prioritized list of remediation actions. You define your network’s critical assets. XM Cyber’s tool then focuses its APT simulations on compromising those assets and identifying the optimal remediation plan. Once a specific simulation test is complete, you can replay the attack and watch it as it evolves.
- AttackIQ: An exciting feature of this BAS tool is its response and remediation exercises used to train cyber security teams. These exercises measure your team’s effectiveness and response time. You can run attack scenarios taken from the company’s library against infrastructure assets you select. You can also download scenarios shared by other customers and customize them. Post-test reports enable you to analyze attacks and responses. Their tool integrates with a variety of endpoints, networks, cloud, identity, data, and SIEM security systems.
Which BAS Tool is Best for your Enterprise?
It depends. (Sorry.)
Every enterprise has its own unique requirements and priorities. These vary based on the size of your organization, and the nature and volume of your most critical assets. Ideally, you’ll want a BAS tool that runs accurate simulations in realistic ways.
You may also wish to consider:
- How does it present its findings? Does it offer prioritization guidance? Does its post-test reporting provide actionable insight?
- What’s the scope of its simulations? Can it assess all the applications in your security infrastructure, no matter the vendor? Does its attack simulations cover all the elements along the kill-chain?
- Which attack vectors does it cover? Does it look at your email security posture? Examines your network security? Covers endpoints?
- What attack techniques and methods does it use, and can they provide the visibility your enterprise needs?
- Last, your BAS tool should run without affecting network availability or user experience.
You can dig deeper into BAS tools by reading about how to set up a breach and attack simulation, check out the differences between BAS and Pentesting, and further exploring the risks and rewards of BAS technology.