hamburger

BitDam Blog

Introducing BitDam’s Breach & Attack Simulation (BAS)
Alex Livshiz
Alex Livshiz
3 minutes & 45 seconds read · June 25, 2019

Introducing BitDam’s Breach & Attack Simulation (BAS)

At BitDam, we always try to provide our customers with the most comprehensive solutions to cope with cyber threats. As such, we perceive it important to not only provide them with protection against the most sophisticated attacks, but also help organizations assess their existing security gaps and act accordingly. This is why we introduced the BitDam penetration testing tool a while back. This PenTest tool got TONS of positive feedback, so we decided to go bigger, and are happy to introduce BitDam’s Breach and Attack Simulation(BAS).

Breach and Attack Simulation vs. Penetration Testing

Until recently, the common practice when an organization wanted to test its security, was to pen test its various defenses. This process is usually done manually by repeating the following cycle:

–  Search for an attack vector (e.g. file attachments in emails).

–  Find an exploit for attacking (e.g. an exploit for code execution in a PDF, running a malicious macro in an Office file etc.).

–  Provide an “attack POC” that bypasses the defense (e.g. sending an email with a malicious macro that bypasses the email security scan, while the file can’t really make any harm).

Although this is a very useful tool, it has some serious drawbacks:

– The process is mostly manual, meaning it’s costly and not scalable.

– No automated “executive summary” showing the current security’s weaknesses and strengths. This is crucial in order to understand which defenses need more attention or require upgrading. This is done manually, and again, makes the process expensive and inefficient.

– Requires heavy investment in R&D red teams (internal or outsourced) that focuses solely on pen testing the organization’s defenses.

This is where Breach and Attack Simulation comes in.

Breach and attack simulation (BAS) is a technology that simulates cyberattacks in order to test a network’s cyber defenses. It enables organizations to assess security effectiveness by simulating hacker breach methods to ensure security controls are working as expected. BAS technologies are fully automated enabling organizations to assess security continuously in real production environments, eliminates guesswork, incorporates business risk context, and provides actionable results.

BitDam’s Breach & Attack Simulation

BitDam’s E-mail-Centric Breach & Attack Simulation is offered as a free service allowing organizations to assess how vulnerable they are to email cyberattacks. Getting access to BitDam’s dashboard, users gain visibility into the Breach & Attack Simulation results within a few minutes from signing in. Through the dashboard, they can see their current level of email protection, the types of cyberattacks to which they are vulnerable and the type of threats that they are protected from.

What makes BitDam Breach & Attack Simulation a good email security assessment tool?

– As some of you may know, BitDam’s Advanced Threat Protection solution shows one of the highest detection rates in the industry (I can write a whole other post about the reasons for that…). Maybe the most important thing about BitDam’s solution is the fact that it identifies the most sophisticated and camouflaged attacks that bypass most other security solutions. These are the attacks that we include in our Breach & Attack Simulation. In other words – the quality of the attacks is what matters and you can be assured that BitDam Breach & Attack Simulation includes the most sophisticated, high quality attacks that are out there, and the ones that might show up next.

– More about quality? Many of our researchers used to work in the offensive side of the cyber world. And they used to be good at that. Some of the “attacks” in our Breach & Attack Simulation are developed by these experts.

– And hey, it’s not just what we develop in-house and what we see at our customer-base, we also make sure to be updated on new cyber techniques, trends and attacks that are out there on a daily basis, as active players in the global cyber community.

 

All that allows us to build a powerful database of files and attacks to use in our Breach & Attack Simulation solution.

How to use it?

Our Email-Centric Breach & Attack Simulation platform allows an organization to test its current email security defense with a click of a button and identify attack vectors that bypass current defenses and puts them in risk:


It takes just a few minutes to set up, requires no IT overhead, and hey – it’s free!

Try it yourselves here and evaluate your current email security gaps within less than 15 minutes.