What is BAS?
Breach and Attack Simulation (BAS) is a cybersecurity testing method that simulates real-world cyber attacks on a network or system to assess its vulnerabilities and the effectiveness of its defenses.
Why is it important to whitelist the simulator files?
They might be flagged as "threatening" by some EPPs
What is the Playbook?
A collection of more than 30,000 breach methods which can be added to an attack scenario
What is an integration?
An integration in the context of SafeBreach refers to the capability to connect and interact with a variety of third-party systems and tools.
Integrations within SafeBreach are managed through a dedicated Integrations page where users can view, configure and manage these connections.
Where can I find my overall security score?
On the homepage - "Security Posture Optimizer"
What is the goal of BAS?
The goal of BAS is to identify and prioritize vulnerabilities, assess the potential impact of an attack, and validate the effectiveness of the organization’s security controls and response plans.
Why should we configure impersonated users?
In order to test attacks and run commands with different privileges
What are APTs?
Advanced Persistent Threats - known threat actors
What is the first integration to be connected?
SIEM. It helps SafeBreach identify the attack status (missed/detected, etc.)
How can you hand over the aggregated hashes and ports for remediation to the IT team?
By exporting a CSV file that includes all the missed simulations
What is the SLA for new US-CERT alerts?
SafeBreach provides an attack/scenario within 24 hours of the alert release.
On which operating systems can you install simulators?
Linux, Mac and Windows
What are the general cyber attack phases?
Infiltration - Host Level - Lateral Movement - Exfiltration
What enables SafeBreach to collect data and determine attack results?
A SIEM integration.
What is IOC-based remediation?
IOC-based remediation involves identifying and responding to specific indicators of compromise (IOCs) within a system to detect and mitigate cyber threats.
Why should you define your data assets?
In order to assess their vulnerability in the simulations.
What is the purpose of the collector?
It aggregates data from on-prem security controls and transfers it safely to the cloud using one port
What are "Advanced Actions"?
Simulations that take realism to the next level and can generate a certain impact on the environment
Why is it beneficial to integrate your SIEM to the SafeBreach platform?
It supports the platform in the attack status identification process
What is "Behavioral Remediation"?
Behavioral remediation focuses on identifying unusual or suspicious activities and patterns that might not be documented as IOCs.
What is the SafeBreach application workflow?
Attack, Analyze, Remediate, Report
What roles can be assigned to a simulator?
Critical Service, Infiltration, Exfiltration, eMail Attacker, eMail Target, Data Asset, Non-critical (no role assigned)
How can you test your defense against the latest threats? (2)
By running scenarios from the "Known Threats Series" and by importing threats from your integrated Threat Intelligence services
Workflow and automation integrations allow you to?
Receive notifications and updates via email, Slack etc.
What is the automated analysis correlation process?
It is responsible for matching the events fetched from the security controls and the SIEM to SafeBreach events, in order to detect the success or failure of attacks.