Session

Breach & Attack Simulation - Continuous Security Validation (incl. live demo)

To protect against the increasing frequency and sophistication of cybercrime, organisations are deploying a variety of security solutions. This increases the complexity and scale of the security landscape, especially as today both environments (on-premises and multi-cloud) need to be protected. Learn what BAS is and how it helps improve cybersecurity, how it is implemented at the customer site, and how BAS supports the incident response process.


AI Summary

Disclaimer: This session information was generated with the help of AI. The information has been reviewed and refined by the Swiss Cyber Storm team and the speaker before publishing.

Raphael Ruf discusses the importance and methodology of breach and attack simulation for continuous security validation. He explains the architecture, deployment, and benefits of using automated validation tools like SafeBreach to ensure security controls are correctly configured and effective against current threats. The talk includes a demonstration of the SafeBreach platform, highlighting its ability to simulate real attacks, integrate with security controls for comprehensive validation, and provide actionable insights for improving security posture.

Key facts

  • SafeBreach is used as the breach and attack simulation tool, described as a pioneer in the field.
  • The process involves running continuously updated playbooks of real attack scenarios against simulators placed within the user's environment to test security controls.
  • The SafeBreach platform allows for the integration of security controls and SIEM solutions, providing detailed feedback on the effectiveness of each control and the overall security posture.
  • Scenarios are updated regularly to include new threats, with a typical update cycle of 24 hours to incorporate actions matching emerging threats.

Ideas

  • Breach and attack simulation tools like SafeBreach provide continuous, automated security validation to ensure that security controls are effectively configured and functioning as intended.
  • Automated validation uses real attacks to simulate threats in a controlled environment, allowing organizations to assess their security posture and identify vulnerabilities before they can be exploited.
  • Integrating breach and attack simulation tools with existing security controls and SIEM solutions enables a more comprehensive view of security effectiveness and potential gaps.
  • Continuous validation and testing allow organizations to fix security issues before they become exploitable problems, complementing manual penetration testing with ongoing, automated assessments.
  • The use of simulators deployed on representative systems, rather than directly targeting production systems, focuses on testing the effectiveness of security controls without risking operational integrity.

Keywords

  • Breach and Attack Simulation
  • Continuous Security Validation
  • SafeBreach
  • Cybersecurity
  • Security Controls

Quotes

  • “The goal is to automatically check if all the security controls that I have in place are correctly configured and are doing their job as they are intended to do.”
  • “We do that with real attacks so we place some simulators in your environment on the cloud and we run real attacks on those simulators and between them.”
  • “It's not like you build a very big wall um it fends everything off but if something gets through the whole thing collapses so you will get um an idea of a result through the whole attack chain.”
  • “We target your production security controls not your production environment.”

Recommendations

  • Organizations should implement breach and attack simulation tools like SafeBreach to continuously validate the effectiveness of their security controls.
  • Integrate breach and attack simulation tools with existing security infrastructure to gain comprehensive insights into security posture and potential vulnerabilities.
  • Start with a baseline of scenarios for testing and gradually expand to more complex and specific simulations to continuously improve security measures.

About the speaker

Raphael Ruf

Located in Aarau and Glattbrugg, the Swiss company terreActive AG has 95 employees and designs, integrates and operates cyber defence solutions. Raphael Ruf has over 15 years of experience in IT and OT with proven expertise in topics such as vulnerability management and breach and attack simulation. His focus is on penetration testing and ethical hacking.