Data Breach Emulation Raises the Bar

By: David DeSanto

Your network is under siege. Both the nature of the Internet and hackers’ use of automated tools mean that attacks occur around the clock. To ensure that the tools and policies you have in place are sufficient to protect your network and data, you need to continuously assess, validate, and identify any potential weaknesses, so you can address them before they can be exploited. Not all assessment methods are created equal, however. There is a critical difference between methods that rely on emulation and methods that rely on simulation, and data breach emulation methods provide a more accurate assessment of your security posture.

Evolving Threat Landscape

There is no such thing as an impenetrable network or invulnerable security. The threat landscape is constantly evolving, so a network that is secure one day may be vulnerable the next. The total annual number of data breaches has risen consistently, and each year seems to crush the previous one in terms of the number of breached or affected accounts. According to Dark Reading, nearly 8 billion information records were exposed in 2017—the result of a record-breaking 5,207 reported data breaches.

Breach incidents aren’t cheap, either. The Ponemon Institute found that the average cost of a data breach in 2017 was $3.62 million. The 2017 Cost of Data Breach Study breaks that figure down to an average of $141 per stolen record. That adds up pretty quickly, which is why it is critical to stay one step ahead of the evolving threat landscape by testing your security posture.

Purple Team Assessments

The only way to determine whether your network and data are really secure is to subject them to an attack—but you don’t want to wait for cybercriminals to compromise your network. By testing your security tools and policies yourself, you can locate holes in your defenses and identify weaknesses and vulnerabilities that you can resolve or mitigate proactively, before an actual breach occurs.

Penetration tests, also known as Red Team assessments, have been around for many years. In recent years, organizations have also incorporated the defensive, or Blue Team, components for a more thorough and realistic assessment, creating a combined “Purple Team” assessment strategy. But many companies only conduct assessments annually or quarterly. Infrequent assessments are certainly better than nothing, but attackers don’t wait to develop new exploitation and attack techniques on an annual or quarterly basis.

You need to assess and validate more frequently. Automated Purple Team assessment tools enable you to verify your security posture continuously, but it is equally important to assess the right way, which leads us to the difference between data breach emulation and data breach simulation.

Emulation vs. Simulation

On the surface, the terms simulation and emulation seem similar. It’s easy to dismiss or ignore any differences in meaning as a matter of semantics or marketing hype. However, when it comes to Purple Team assessments and validating your security posture, there is a distinct—and important—difference between simulation and emulation.

Let’s start with the actual definition of each word:

  • To simulate something means to create a likeness or a model of it. So a simulated attack is a model of a real attack, created using artificial activity and other props.
  • To emulate something means to imitate or mimic it. So an emulated attack uses real-world tools and techniques to create an actual attack.

Most penetration testing and Purple Team assessment tools rely on data breach simulation. While simulated attacks accomplish the goal of testing your security

