Breach & Attack
Validate your security choices by simulating attacks.
At some point you may get a nagging feeling that some of the security controls you have implemented may not work as well as advertised. As a defender, you have to be on alert all the time. The only way to maintain significant levels of confidence is to constantly validate the resilience of your organization against known and emerging attack methods. This is the inconvenient truth about cybersecurity as we know it today.
Our threat driven and continuous validation approach will provide you with the data you need to determine if your security controls are working as expected.
Why BAS matters
Automated continuous validation of security controls
Simulate relevant attacks
Monitor your progress
Evaluate your resilience & efficacy
Extend pentest report value
A new approach to validation
Breach & Attack Simulation (BAS) is a new approach to attack simulation and differs from the traditional pentests and red teaming exercises in a significant way. The traditional tests are valuable in that they provide insights in the most probably attack path that an adversary may take. It is the path of least resistance through an organisations defences. These tests are important but not designed as a method for validating and fine-tuning security controls or enhancing security roadmap building. Yet this is how they are often (mis)used and may unintentionally lead to a trail-and-error approach to cyber security.
BAS on the other hand is aimed at providing insights in a wide variety of (potential) attack paths. This makes BAS especially suited for validating and fine-tuning security controls. Once the relevant BAS-attacks are under control traditional scenario based pentests or red teaming may be used periodically for (external) validating an organizations overall resilience. Breach & attack simulation tools are in itself however not a silver bullet. The tools needs to fit your controls like a tailored suit and need to be embedded in your organization. They also require resources and capabilities to follow-up on the findings to ensure that your specific security controls are optimized. When deployed well however, it will provide an organization unique capabilities to validate security controls, with rich insights into the resilience of an organization against specific attack methods.
Hunt & Hackett helps organizations to get the most out of BAS-technology through our managed service. We deploy the technology, validate the payloads for its testing purpose, apply the relevant attack scenario’s and unit tests for your organization to enhance and optimize your security controls. Our frontline (offensive) experts ensure that the right controls are tested, with the right set of tests. They also develop custom payloads where needed for more accurate validation.
When deciding on the balance and investment of prevention, detection and response controls there are multiple challenges to solve:
- How do you continuously select, update, implement and evaluate efficacy of relevant security controls?
- How do you maintain significant levels of confidence on how well they work?
- How do you continuously validate the resilience of your organization against known, emerging and relevant attack methods?
- How do you ensure that known risks and test results are mitigated across the board?
We provide our BAS service to help you solve these challenges by managing, creating & maintaining the attacks that are relevant to your organization.
This constant validation of how well the security controls operate as well as how they interact as a whole to build resilience against the latest vulnerabilities and attack methods provides valuable insights into the resilience and efficacy of the organization.
In addition we also help you to extend the value of your penetration test reports by making them reproducible with the same technology that we use to continuously validate the effectiveness of your controls.
How it works
An overview of our BAS process
After you've contacted us, a Hunt & Hackett BAS expert will perform a short first triage and plan a threat diagnostics meeting together with the you and your most relevant stakeholders.
The first threat diagnostics meeting is held with the customer via a conference call. You attend the meeting with key people that are knowledgeable on the business processes as well as on the implemented security controls.
Based on the first threat diagnostics output a budget is drafted and a proposal is drafted (providing budget overview, technology to be deployed, hourly fees etc.). In addition a Mutual NDA and a Statement of Consent are provided.
You sign off on the Proposal, NDA and Statement of Consent and share the signed document with Hunt & Hackett. We will countersign those and start preparing for deployment.
Hunt & Hackett plans a kick-off meeting in which our BAS experts explain the deployment process and gives an overview of the created systems. A single agent is deployed on a single system to test the end-to-end ability to perform tests. The rest of the agents are deployed on the target systems.
You will define the frequency and priority of testing and how to handle new vulnerabilities and attacks. Do they warrant immediate attention?
Hunt & Hackett provides you with an overview of the prevention and detection controls and how they held up against specific attacks. Next to this we provide an overview of the resilience you have against chose threat actors and which controls (prevention, detection & response) can be optimised as well as what other security controls may be considered to improve overall resilience.
You fine-tune or adjust your prevention, detection and response controls based on our BAS-insights.
Hunt & Hackett will continuously support you by validating the resilience against relevant new threats, actors or techniques that are applicable to your industry and context.
Why Hunt & Hackett?
Your trusted ally in cybersecurity
Skills & Expertise
The Hunt & Hackett team has unrivalled expertise and skills, having recruited the top experts from within the world of cybersecurity, incident response, forensics and operations to operate a SOC.
Hunt & Hackett combines both expert analysis of historical forensic evidence and real-time threat detection and hunting, allowing the team to detect attacker activity.
Technology & Tools
The platform allows immediate, real-time visibility into your IT environment, identifying potential compromises and allowing quick action to make sure incidents don’t escalate.