Multiple attackers can be simulated by connecting the Attacker in the model to multiple entry points at the same time. If you want to compare different attack scenarios against each other, create a new scenario for each entry point you want to simulate.
All distributions can be customized to simulate various attack scenarios, attacker profiles or to disable attack steps in the simulation. There are four different ways to alter the statistics of the simulations:
1. In the Web modeler, distributions can be customized on one or more objects by right-clicking an object and going to Preferences > Attack steps > Local TTC
2. In Labs, select Add tuning and set a Custom TTC distribution
3. Use the securiCAD Enterprise SDK to customize the model setup
4. Define your own MAL specification, or customize the MAL specification of the domain-specific language you are using. Go to https://mal-lang.org for more information
Defenses and attack steps cannot be added directly in the UI. However, there are two workarounds:
1. Add defenses and attack steps by changing the MAL specification of the domain-specific language you are using. Go to https://mal-lang.org for more information
2. If the defense or attack you want to simulate is not available and you don’t have access to the MAL specification, it can still be possible to achieve the desired results:
a. Defenses stop the attacker from succeeding with certain attack steps. For example, if a user account has MFA enabled, stealing the password is not enough. The same effect can be achieved without a specific defense by disabling attack steps or altering the distributions. Going back to the MFA example: for the user accounts where we want to simulate MFA but no defense is available, we can instead disable the attack step that lets the attacker assume the account.
b. Very specific types of attacks that are not represented in the simulation can often be represented by other attack steps. For example, if you want to simulate a supply chain attack but there is no specific attack step for it, think about what a supply chain attack would lead to, i.e., compromise of software or applications. You can connect the attacker directly to those existing attack steps, in addition to your normal entry points, to simulate e.g. a supply chain attack.
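The MFA workaround in item a, shown as an added toy Monte Carlo model (not securiCAD code and not its simulation engine): disabling the step that lets the attacker assume the account removes that path, and the success rate then depends on whatever other paths remain. The graph, step names, TTC means and 30-day horizon are all constructed assumptions.

```python
import heapq
import math
import random

# Constructed toy attack graph (all step names are hypothetical): step -> children.
GRAPH = {
    "entry": ["steal_password", "exploit_service"],
    "steal_password": ["assume_account"],
    "assume_account": ["read_data"],
    "exploit_service": ["read_data"],
    "read_data": [],
}
# Constructed mean local TTC per step, in days; samples are exponential.
MEAN_TTC = {"entry": 0.0, "steal_password": 3.0, "assume_account": 0.5,
            "exploit_service": 60.0, "read_data": 1.0}

def sample_ttc(rng, disabled=frozenset()):
    """Draw one local TTC per step; a disabled step can never be completed."""
    return {step: math.inf if step in disabled
            else (rng.expovariate(1 / mean) if mean > 0 else 0.0)
            for step, mean in MEAN_TTC.items()}

def global_ttc(ttc, entry="entry", target="read_data"):
    """Earliest time the attacker completes target (Dijkstra over OR steps)."""
    best = {entry: ttc[entry]}
    heap = [(ttc[entry], entry)]
    while heap:
        t, step = heapq.heappop(heap)
        if step == target:
            return t
        if t > best[step]:
            continue  # stale queue entry
        for child in GRAPH[step]:
            reached = t + ttc[child]
            if reached < best.get(child, math.inf):
                best[child] = reached
                heapq.heappush(heap, (reached, child))
    return math.inf  # target unreachable in this sample

def success_rate(disabled=frozenset(), horizon=30.0, runs=2000, seed=1):
    """Fraction of runs in which the high value asset falls within horizon days."""
    rng = random.Random(seed)
    hits = sum(global_ttc(sample_ttc(rng, disabled)) <= horizon for _ in range(runs))
    return hits / runs

if __name__ == "__main__":
    print("no MFA:       ", success_rate())
    print("MFA simulated:", success_rate(disabled={"assume_account"}))
```

In this toy graph the slower `exploit_service` path still reaches the asset, so the disabled step lowers the success rate without driving it to zero.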
The majority of the functionality in securiCAD Enterprise can be automated by using the API or SDK.
The simulation reports can be exported to a Word document in the Project overview. Results can also be accessed via the API or SDK.
Models are most often reported as invalid because high value assets are missing from the model (i.e., no consequence is set) or because the Attacker is not connected to any entry point. This can be fixed in the Web modeler or by using Transform.