Frequently Asked Questions

Have a question? We are here to help.

What is breach and attack simulation (BAS)?

BAS takes traditional reactive cybersecurity programs and turns them on their heads, using automated tools to simulate real-world cyber attacks against an organization’s security controls. The SafeBreach BAS platform allows organizations to continuously evaluate their security posture by mimicking realistic attacks to help security teams identify vulnerabilities, prioritize remediations, and improve overall threat detection and mitigation capabilities.

What is the difference between BAS and other security testing approaches?

Automation: BAS is fully automated, while other methods often rely on manual testing, point-in-time exercises, or human expertise. This allows BAS to provide more comprehensive, cost efficient, and frequent testing.
Proactive assessment: BAS provides continuous, proactive evaluation of an organization’s security posture and incident response procedures.

How does the SafeBreach BAS platform improve security posture?

SafeBreach automatically tests and validates security controls, helping security teams identify gaps against known and emerging threats. Teams can then prioritize remediation efforts in order to reduce overall business risk and optimize their cybersecurity posture. They can also track and manage posture over time, leveraging the SafeBreach platform to set baselines and identify macro- and micro-posture drift.

What security surfaces does SafeBreach focus on?

SafeBreach safely simulates attacks across the cyber kill chain, including endpoint, network, cloud, web, application, and e-mail vectors. Host-level attacks can be carried out on Windows, Mac, and Linux endpoints.

Is SafeBreach technology 100 percent safe to run in my production environment?

Yes. SafeBreach is built upon a secure infrastructure paired with lightweight simulators. This ensures no production components are at risk during attack simulations while maintaining optimal system performance of production devices.

Who can benefit from the SafeBreach BAS platform?

BAS is designed to be cross-functional, breaking down silos when it comes to assessing and mitigating cyber risk. Here’s how BAS can support the teams or roles within a security organization:

Chief Information Security Officers (CISOs): BAS can help demonstrate security program effectiveness, justify new technologies, avoid compliance mistakes, manage budgets, and automate testing processes.
Board Members and Executive Stakeholders: BAS can help provide an understanding of cyber risk, evaluate investment risks, determine resource allocation, and gain confidence in cybersecurity measures.
Red, Blue, Purple, and Penetration Testing Teams: BAS can help automate testing, streamline processes, validate security control effectiveness, and refine attack methodologies.
Detection Engineering Teams: BAS can help streamline processes, enhance alert pipeline visibility, and increase confidence in detection capabilities.
Threat and Vulnerability Management Teams: BAS can help better leverage threat intelligence, identify critical vulnerabilities, and prioritize remediation efforts.
Security Operations and Engineering: BAS can help validate SIEM and SOC capabilities, prevent security drift, and ensure proper configuration of security controls.

What sets SafeBreach apart from its competitors?

SafeBreach is the pioneer in the BAS space. Our platform is backed by a world-renowned threat research team and our extensive playbook, which has over 30,000 attack methods, boasts the widest MITRE ATT&CK coverage in the industry, and is updated within 24 hours of emerging threats. Our technology is enterprise-ready, easily allows attack customization, and provides a large array of integrations, so simulation results can be shared directly with security controls, SIEM, SOAR, and workflow and vulnerability management tools. SafeBreach also offers unique reporting capabilities that provide a holistic view of an organization’s security posture, peer benchmarking, executive-level insights, and more.

Unlike our competitors, SafeBreach delivers:

24-hour SLA on US-CERT and FBI Flash Alerts.
The industry’s largest and most up-to-date threat playbook.
Unique and flexible reporting capabilities.
Easy-to-deploy enterprise coverage.
A dedicated threat research team.
Access to novel attack simulations.
Simultaneous integration with multiple vendors.

What other security tools does SafeBreach integrate with?

SafeBreach integrates with a wide range of leading security tools and platforms, including:

Security Information and Event Management (SIEM) systems
Security Orchestration, Automation, and Response (SOAR) tools
Workflow management and collaboration systems
Threat intelligence systems
Vulnerability management tools
Advanced threat protection platforms

For a full list, visit our Technology Partners page.

Can SafeBreach be integrated with threat intelligence vendors?

Yes, SafeBreach can be integrated with leading threat intelligence vendors including: Recorded Future, Anomali, AlienVault, Unit42, CrowdStrike, ThreatConnect, ThreatQuotient, and others.

Does SafeBreach integrate with any cloud providers?

Yes, SafeBreach integrates with major cloud providers like AWS, Azure, and GCP, enabling users to conduct attack simulations and security assessments across these platforms.

What are the benefits of using SafeBreach for cloud security assessments?

Using SafeBreach for cloud security assessments offers several key benefits, including:

Ongoing validation of cloud security controls, so organizations can stay ahead of evolving threats.
Simulation of sophisticated, multi-step attacks that can span entire cloud infrastructures.
Operation in isolated environments, which keeps production systems secure and unaffected while still allowing for thorough testing of the full attack surface.

How can the SafeBreach BAS platform be used to test the effectiveness of incident response plans?

The SafeBreach BAS platform can be used to test incident response plans by simulating real-world attacks, allowing organizations to assess their response readiness, validate custom detections, identify weaknesses, and refine their response procedures.

How does SafeBreach help ensure that security controls are aligned with my business needs?

The SafeBreach platform:

Automatically tests and validates security controls using the industry’s most comprehensive threat playbook.
Provides analysis to effectively communicate the security team’s efforts to stakeholders.
Provides data that can be used to help understand and report on aspects of compliance and support regulatory frameworks.
Assists in assessing inherited cybersecurity risks from mergers and acquisitions.
Helps organizations evaluate risks before investing in security services, optimizing resource allocation.

Do you cover MITRE ATT&CK? If so, what is your level of coverage?

SafeBreach was an early contributor to the MITRE ATT&CK framework, and our Hacker’s Playbook boasts the widest MITRE ATT&CK coverage in the industry. The playbook contains over 30,000 breach methods, and is continuously updated with original attack content from our world-renowned research team and within 24 hours of US CERT and FBI Flash alerts.

Key benefits of using SafeBreach with the MITRE ATT&CK framework:

Stay ahead with up-to-date attack playbooks
Execute full kill-chain attacks for thorough analysis
Visualize security posture based on threat intelligence
Communicate risk exposure effectively using MITRE heatmaps

Resource

SafeBreach Breach and Attack Simulation (BAS) Platform

Use Cases

Resource

SafeBreach Security Control Validation: Minimize Risk, Maximize the Return on Your Security Investments

GUIDE

Breach and Attack Simulation

Resource

SafeBreach & Zscaler Internet Access™

Resource

Four Pillars of Breach and Attack Simulation (BAS)

Frequently Asked Questions