Breach and Attack Simulation (BAS) aims to address the shortcomings of red team engagements. It is meant to do so by automating the steps an APT or other threat actor executes. These steps are commonly categorized as TTPs, which stands for Tactics, Techniques, and Procedures. TTPs make it possible to categorize a threat actor's observed patterns of behaviour. The MITRE ATT&CK framework provides a library of known TTPs.
The continuous nature of Breach and Attack Simulation can provide a real-time view of a company’s security posture. Prevention, detection and mitigation capabilities are evaluated continuously, so emerging attacks that circumvent existing controls can be identified quickly.
Ultimately, BAS and a red team engagement can complement each other. A red team engagement shows only the ability to bypass the protection at a single point in time, based on one scenario. A Breach and Attack Simulation has to be planned thoroughly to achieve good coverage of a company’s security posture.