Breach and Attack Simulation – BAS Products Compared

10 years ago, when Gartner defined SIEM (Security Information and Event Management) it was trending in the cybersecurity landscape, and every organization was looking for one. More players started coming in with different set of architecture and deployment based on organizations size and requirements. Even now there are new companies coming up with a new SIEM product. However, we know who are the leaders in the SIEM industry with experience and analyst reports like Gartner’s Magic quadrant. In the last 4 years the same trend is happening to SOAR (Security Orchestration Automation and Response) industry. Every major cyber security players either built one or acquired a SOAR product. Now in the last 2 years another buzzing term is trending which is BAS (Breach and Attack Simulation). BAS helps to automate cyber security attack simulation and help the purple/blue team to automate continuous security validation.

BAS tools will help teams to quickly validate the environment after a new security attack or exploit going around or network/patch update in their environment. These tools automates and reduces the work load of the purple and red teams. With so many BAS tools in the market I have done some research to find out what they offer, the platforms where you can deploy them and run, the pricing model and some of the key features. I hope this summary helps individuals or organizations in their process of deciding and implementing a BAS tool.

VendorDescriptionSupported Installation PlatformsFeaturesPricing model

Infection Monkey


Infection Monkey is an open source Breach and Attack Simulation (BAS) tool that assesses the resiliency of private and public cloud environments to post-breach attacks and lateral movement.Windows, Debian, and Docker.Test your infrastructure running on Google Cloud, AWS, Azure, or premises.

Automatic Attack Simulation.

Continuous & Safe Assessments.

Actionable Recommendations.
Open source
CALDERACALDERA is a cyber security framework designed to easily run autonomous breach-and-simulation exercises. It can also be used to run manual red-team engagements or automated incident response.Any Linux or MacOSIt is built on the MITRE ATT&CK™ framework and is an active research project at MITRE.Open Source
securiCAD by foreseetisecuriCAD is a foreseeti product, developed to perform virtual attack simulations on models of IT architectures.Not listedCreate a model, simulate an attack and get the risk report.Enterprise-ready solution and got a community edition with limited features
AttackIQAttackIQ builds on the MITRE ATT&CK framework of adversary tactics, techniques, and procedures (TTPs) and emulates those TTPs to exercise security controls in the same way an adversary does, in production.Supports both SaaS and on-premises deployments and full application programming interface (API) workflows.AttackIQ SOP is powered by both dedicated content team and customers submissions.

Security analysts can easily modify python-based scenarios to create custom tests for proprietary requirements, uploading any scripts in python, bash, or PowerShell for the platform.

Gives detailed analysis of protection failures and actionable insights into rapid remediation.
Starting price is $5,000 per Test Point Engine.
Scythe

SCYTHE is an adversary emulation platform for the enterprise and cybersecurity consulting market. The SCYTHE platform enables Red, Blue, and Purple teams to build and emulate real-world adversarial campaigns in a matter of minutes. SCYTHE allows organizations to continuously assess their risk posture and exposure.
Offered as a SaaS model or on-premises.Multiple command and control channels.

Mapped to MITRE ATT&CK & ATOMIC Red team integration.

Leverage Cyber Threat Intelligence.

Automate adversary behaviors and TTPS.

Customize with python modules.
Virtual File System.
Not listed
XM CyberXM Cyber’s Breach and Attack Simulation (BAS) connects the dots from breach point to critical asset if there exists any potential attack path. Next, it creates a prioritized remediation plan to help you quickly eliminate steps hackers would take inside your environment.On-premise or in the cloudRisk based Vulnerability Management.

Compliance Support.

Red Teaming.

Auto Penetration Testing.

Vulnerability Scanning.

Vulnerability Prioritization.

Patch Management

Continuous Assessment

Prioritized Remediation
$95,000
CymulateCymulate’s breach and attack simulation platform is used by security teams to determine their security gaps within seconds and remediate them.SaaSSimulate Attacks based on MITRE model.

Evaluate Controls like NIST to Identify Gaps.
Remediate with Actionable Insights .
From $40,000 to $500,000.
Picus SecurityPicus developed Agile SecOps methodology in order to help enterprises beat threats systematically and overcome the most common challenges they face everyday.Picus exists as a virtual appliance or as software to run on physical or virtual Linux platforms.

Deploys in hours and begins returning results just minutes later.

No technology dependencies.

Works in complex production environments.

Identifies weaknesses in real time
Includes modules for HTTP, HTTPS, endpoints and email
Dashboards and alarms.

Prioritizes security needs.
$10,000
Safe BreachSafeBreach Platform automatically executes thousands of breach methods from an extensive playbook of research and real-world investigative data and prioritizes remediation activities based on business risk. Patented simulation technology.On-premises or private cloud deploymentsSimulate 15K attack techniques.

Visualize results across the kill chain, attack sophistication, phase, asset, leak rate and more.

Remediate by integrating with automation and ticketing solutions.

Automatically verify remediation with continuous validation.
Pricing is based on the number of simulators deployed. It costs $50,000 per year for 10 of them
CyberBattleSimThis is an experimental research platform from Microsoft. The simulation environment is parameterized by a fixed network topology and a set of vulnerabilities that agents can utilize to move laterally in the network.Linux or WSLOffers OpenAI Gym interface to its simulation.

Perform local and remote attacks.






Open source

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s