Get in Touch Close Menu

Breach & Attack Simulation

Frequently Asked Questions on Breach and Attack Simulation

1. What is Breach and Attack simulation?

Breach and Attack Simulation (BAS) automatically identifies weaknesses in the organisation’s cyber defences by mimicking likely attack paths and techniques used by malicious threats. To be used alongside a sustained penetration testing programme carried out by experienced ethical hackers, it offers continuous and automated attack simulations.

2. How does BAS test?

  • Attack simulation on email defences –The Breach and Attack Simulation (BAS) platform sends messages containing different infected file attachments to user’s email to test antivirus software, email filters, and other solutions.
  • Identify gaps in web filtering – The BAS platform connects to dummy pages and websites that contain malicious forms and scripts through HTTP/HTTPS protocols to test which sites make it past security mitigations.
  • Checking the strength of your firewall – The BAS platform will scan the attack surface on company URLs to identify vulnerabilities.
  • Testing the efficiency of Endpoint Security solutions – A simulation designed to identify and simulate how malicious software can spread through an organisation’s devices.
  • Identify potential network attack vectors – The platform can simulate scenarios in which an attacker has successfully breached your network and is trying to move laterally to understand weak points.

3. What factors should I look out for to identify the best BAS software?

  • Ease of deployment and use
  • Input flexibility
  • Timely results
  • Easy integration with other data sources
  • Output of real-time analytics and reports