Assuring the security of cyberspace is a major challenge, especially at a time of a rapidly evolving threat landscape. In the last few years, the number of attacks by sophisticated and motivated adversaries has increased dramatically. Cyberattacks result from adversaries exploiting system vulnerabilities. In most senses, cybersecurity is the backbone of the nation’s critical infrastructure, which means that a major security incident can have catastrophic effects on that infrastructure. Recent studies have suggested an increasing threat of attacks against critical infrastructure. In addition to malware-driven attacks, which automatically and opportunistically exploit technical bugs, there are goal-driven adversaries. They use both social and technical attack techniques to exploit complex interactions and harness architectural weaknesses in order to achieve particular goals. Understanding adversaries’ capabilities, attack vectors and motivation is therefore essential, because these factors determine the adversary’s attack campaign and the risk they pose to the system.
Red and blue teams are mainly responsible for strengthening an organization’s cyber defense. In these scenarios the red team plays the role of an adversary, whereas the blue team attempts to deter these attacks. The disadvantage of these exercises is that they are highly manual and resource intensive. Most organizations perform them only periodically. This means that if the next test happens after a week or a month, vulnerabilities may arise and go undetected during that period.
Breach and Attack Simulation (BAS) is the solution that makes sure that weaknesses are found and addressed before they are exploited by an adversary. BAS performs many of the critical red and blue team functions, but in a continuous and automated fashion. BAS automatically detects vulnerabilities in systems. In 2018, Gartner rated the advantages of BAS as “high”. BAS is expected to go mainstream within the next 10 years, according to Gartner.
BAS performs different sets of attacks, such as placing files indistinguishable from malware onto a system to check whether the anti-malware tool detects them, or sending malicious email through an email filter. It also uses more complex attack scenarios that attempt to evade security controls to achieve a specific goal. In this way, a BAS platform helps security teams uncover flaws in controls that need to be remediated.