The Breach & Attack Simulation (BAS) cyber security assessment platform is a SaaS-based solution that enables organizations to test their security posture from an attacker’s point of view at any time. Attackers such as cyber criminals, malicious hackers and disgruntled employees use many different methods to try to breach the organization’s perimeter and bypass security controls.
Organizations can now automatically run assessments on themselves across the different attack vectors: Email assessment, WAF assessment, data exfiltration/DLP assessment, Endpoint security assessment, Hopper assessment, web security gateway assessment and immediate threats assessment (see detailed descriptions below). This lets them verify that their security framework is deployed well and that their cyber resiliency is high.
Benefits Brief Overview
- Wide coverage of attack scenarios
  - Get a comprehensive security assessment of the most advanced, multi-vector and latest threats.
  - Simulate direct APT (Advanced Persistent Threat) attacks on an organization or a large-scale sporadic campaign targeting millions of organizations worldwide.
- Ability to perform on-demand testing
  - Organizations can launch attack simulations from any location, either on-demand or scheduled for automated periodic testing.
  - Shorten testing cycles and expedite remediation time.
- Immediate results
  - Self-service model: no middlemen, keeping you in control without the need to schedule assessments in advance.
  - At the end of each execution a detailed report (management and technical) is produced, outlining the vulnerabilities found, their risk scoring and recommended mitigation.
  - The customer has access to the results in an intuitive, easy-to-use dashboard.
  - Reports can be generated by the customer in PDF and Excel format.
- The platform is a SaaS solution
  - Easy and instant deployment through our Plug & Play solution.
  - No hardware required.
  - No need to manage a large number of agents.
- No additional expenses
  - Simplifies penetration testing procedures: with only a few clicks you can launch assessments with the unique platform, which has the knowledge, capabilities and experience of the world's leading security professionals.
- Secure testing
  - All assessments are done in a controlled manner without putting the organization’s network at any risk.
  - Will not interfere with the organization’s employee working procedures and day-to-day operations.
  - The organization’s platform is secured, and all data is encrypted.
Components of a BAS
1) Email Security Assessment
The E-Mail Security assessment enables an organization to test the resiliency of its e-mail systems and security controls and to identify their vulnerabilities. During this assessment, solutions such as Secure Email Gateway (SEG), Sandbox and Content Disarm and Reconstruction (CDR) are tested.
These tests simulate different scenarios that resemble very common attack methods used today, such as hiding ransomware, malware and malicious links in different email attachments.
The E-mail Security assessment allows organizations to launch a barrage of different attacks containing threats such as, but not limited to: Malware, Ransomware, Worm, Payload, Exploit, Dummy.
2) Web Gateway Assessment
Our Web Gateway assessment tests an organization’s outbound connections over common HTTP/HTTPS protocols to malicious websites, enabling the organization to test against a large, continuously growing database of malicious websites, IP addresses of botnets, etc. During these assessments, solutions such as Proxy, URL filtering, policies and secure browsing capabilities are tested.
The Web Gateway assessment allows simulation of web browsing and communication to websites in different categories such as but not limited to:
- Exploit kit
Our browsing will also simulate downloading malicious files and browser-related exploits, using a highly evasive, nation-state-grade exploit kit.
3) Phishing and Awareness Assessment
The Phishing and Awareness Assessment is intended to help organizations reduce the risk of spear-phishing, BEC, whaling, fraud and ransomware attacks. By focusing on raising an organization’s employees’ security awareness, the tool enables the customer to create and execute simulated phishing campaigns.
During these assessments, a number of phishing methods are tested: will the employee click on a “malicious” link, will the employee open an “infected” attachment, or will the employee provide his/her credentials?
The customer can use pre-made templates for the phishing campaigns or create its own templates with an easy-to-use management console in the platform.
The phishing assessments can target all of the employees in the organization or target specific employees (Spear phishing).
At the end of the execution the system will produce a detailed report showing who “fell into the trap” and has either clicked or exposed further credentials.
4) Hopper-Lateral Movement Assessment
Our Hopper’s algorithm gathers common and specific techniques used by malicious hackers and cyber criminals to move laterally inside the organization’s network, in order to reveal potential breach spots in the organization’s domain network.
These tests simulate different scenarios and attack methods that test the deployment of security controls such as EDR, EPP, Honeypots, IDS and SIEM, thereby indicating the internal security resiliency level.
Our Hopper assessment utilizes various techniques and methods to laterally move inside the network. Such techniques include but are not limited to:
- Pass the hash
- Privilege escalation
- Manually provided credentials
At the end of the execution the system will produce a network view of the workstations, servers, databases and network controllers that the tool managed to reach. For each reached asset, the system will identify the method by which it was reached and give a recommendation for mitigating the breach.
5) Web-Application Firewall Assessment
Our Web-Application Firewall Assessment tests an organization’s WAF configuration, implementation and features, to enable blocking of common Web Application payloads.
Our Web-Application Firewall assessment utilizes various techniques and methods to test an organization’s Web-Application Firewall. Such techniques include but are not limited to:
- Cross-site scripting
- SQL Injection (SQLi)
- Cross-Site Request Forgery
At the end of the execution the system will produce an executive summary outlining the security risks and a detailed technical report outlining the threats. Mitigation recommendations are offered for each threat that has been discovered, depending on the category and penetration vector.
6) Data Exfiltration (DLP) Assessment
Our Data Exfiltration (DLP) Assessment enables organizations to test their DLP controls implementation.
The assessment comprises both sophisticated and commonly used exfiltration methodologies that attempt to leak samples of data defined as sensitive to the organization, such as credit card numbers, Social Security numbers and any other data which you consider sensitive.
The customer can easily customize the list of sensitive phrases, keywords and regular expressions that it considers sensitive and that are monitored by its security controls.
At the end of the execution the system will produce an executive summary outlining the security risks and a detailed report outlining the threats. Mitigation recommendations are offered for each threat that has been discovered, depending on the category and penetration vector.
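A sketch of how the customizable phrases and regular expressions described above can be evaluated by a DLP control, added here as an example and not the platform's own code; the policy names, patterns and sample values are constructed assumptions. Card-number candidates are confirmed with a Luhn checksum to cut false positives, and findings are masked so the report itself does not carry the sensitive data.

```python
import re

# Hypothetical customer-defined policy; rule names and patterns are assumptions.
POLICY = {
    "credit_card": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
    "us_ssn": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    "keyword": re.compile(r"\b(?:project falcon|internal only)\b", re.IGNORECASE),
}


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan(text: str) -> list[tuple[str, str]]:
    """Return (rule, masked_value) for every policy hit in outbound text."""
    findings = []
    for rule, pattern in POLICY.items():
        for match in pattern.finditer(text):
            value = match.group(0)
            if rule == "credit_card":
                digits = re.sub(r"\D", "", value)
                if not luhn_ok(digits):
                    continue    # digit run that is not a valid card number
                value = "*" * (len(digits) - 4) + digits[-4:]
            elif rule == "us_ssn":
                value = "***-**-" + value[-4:]
            findings.append((rule, value))
    return findings


if __name__ == "__main__":
    # Constructed sample messages, not real data.
    for sample in (
        "Card 4111 1111 1111 1111 exp 12/29",
        "Order ref 1234 5678 9012 3456",
        "SSN 123-45-6789, marked Internal Only",
    ):
        print(sample[:12], "->", scan(sample))
```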
7) Endpoint Security Assessment
Our Endpoint Assessment solution allows organizations to deploy and run real ransomware, Trojans, worms, and viruses on a dedicated endpoint in a controlled and safe manner. The assessment ascertains if their security products are tuned properly and are actually protecting their endpoints against the latest attack methods. The comprehensive testing covers all aspects of endpoint security, including:
- Automated behavioral detection – Endpoint Detection and Response (EDR), or End Point Protection (EPP).
- Signature-based antivirus detection.
- Known vulnerabilities, including OS patches and third-party software.
The assessment results are presented in a comprehensive report in an easy-to-understand format. This allows the organization to view the security state of each endpoint and take action to update and upgrade endpoints where necessary. Mitigation recommendations are offered for each threat that has been discovered depending on the type of attack and phase it reached in its distribution method.
8) Immediate Threat Notification and Assessment Service
The intent of the immediate threat module is to enable customers to be notified of active threats launched by cybercriminals and test their vulnerability using one of the above modules depending on the attack type.
Customers subscribing to this service will get a notification when an immediate threat is active with a link to run the assessment in the platform tool in order to check if they are vulnerable to the threat.