Simulate an attack

Follow a virtual attacker throughout your environment

When you have created a model, it is time to run the actual simulations where the virtual attacker is let loose in the model.

Find out how an attacker would work its way forward in your environment

Attack simulations are conducted step by step. The virtual attacker behaves just as a real attacker would: after each step or achievement, it assesses its new situation to see what additional opportunities and alternatives it has.

Since the attacker will in many cases see several alternative ways to proceed, it can follow several different attack paths when exploring the model.

Some paths will require much effort while others are more appealing, depending on the properties of the model.

Alter security properties to see what impact they will have on an attacker’s progress

When a simulation is done, securiCAD will present the most likely attack path, i.e. the chain of attack steps, that an attacker would follow.

In addition to this path, securiCAD will also present several secondary attack paths that the attacker might find useful as well.

The amount of effort an attack path requires depends heavily on two things: the security properties of each object along the attack path and the structure of the model.

Therefore, you will see hints on what can be improved along the attack path. These properties are shown as missing or imperfect defenses, and correcting them might force the attacker to choose another, harder attack path instead.

Unknown, low detail or omitted parts of the environment are taken into account

Since the attack simulations are based on probability, the properties of the model are not limited to “present” or “absent” but are allowed to exist with a probability. For instance, patch level, default passwords, public vulnerabilities and so on may each be assigned a probability. This means that when the attacker arrives at a certain position in the model, the next step might be easy or hard depending on, for instance, the patch level.

The same technique applies to things we have not detailed in the model. So, unless we have detailed that no additional open ports exist on a server, such opportunities might be available to the attacker.

If we want to increase the level of detail, i.e. after checking if there are any non-modeled ports on this server, we can enable the Hardening parameter to state that this server doesn’t give such opportunities to the attacker.
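The following added example is not securiCAD code and does not reproduce its algorithm. It is a simplified sketch of the idea described above: defenses present with a probability, a most likely attack path, and the effect of stating Hardening as certain. The asset names, step probabilities and the defense names other than Hardening are constructed for illustration.

```python
import heapq
import math

# Constructed model (not from the page): each attack step is
# (next asset, success probability if undefended, defense that blocks it).
STEPS = {
    "Internet": [("WebServer", 0.9, "Patched"), ("VPN", 0.3, "NoDefaultPassword")],
    "WebServer": [("Database", 0.8, "Hardened")],
    "VPN": [("Database", 0.7, None)],
    "Database": [],
}

def most_likely_path(steps, defenses, source, target):
    """Return (probability, path) for the most likely chain of attack steps.

    `defenses` maps a defense name to the probability that it is present;
    a defense missing from the map is treated as absent (probability 0).
    """
    # Maximizing a product of probabilities equals minimizing the sum of
    # -log(p), so Dijkstra's algorithm finds the most likely path.
    queue = [(0.0, [source])]
    settled = set()
    while queue:
        cost, path = heapq.heappop(queue)
        node = path[-1]
        if node == target:
            return math.exp(-cost), path
        if node in settled:
            continue
        settled.add(node)
        for nxt, p_undefended, defense in steps[node]:
            p = p_undefended * (1.0 - defenses.get(defense, 0.0))
            if p > 0.0:  # a defense that is certainly present removes the step
                heapq.heappush(queue, (cost - math.log(p), path + [nxt]))
    return 0.0, []

# Unknown properties get a probability instead of "present" or "absent".
BASELINE = {"Patched": 0.5, "NoDefaultPassword": 0.5}
# After checking the server, Hardening is stated as certainly present.
HARDENED = dict(BASELINE, Hardened=1.0)

if __name__ == "__main__":
    for name, defenses in (("baseline", BASELINE), ("hardened", HARDENED)):
        prob, path = most_likely_path(STEPS, defenses, "Internet", "Database")
        print(f"{name}: {' -> '.join(path)} (p={prob:.3f})")
```

In the baseline the most likely path runs through the web server; once Hardening is set, that step disappears and the attacker is pushed onto the less likely VPN path.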

Iterate between simulation and modeling follow-up

Since each simulation will reveal several possible attack paths, it is recommended to review them while modeling so that they match the real (or the prospective) IT environment being modeled. Sometimes you will see that a certain part of the model would benefit from additional details.

In other words, simulations often call for further investigation of certain assets in the IT environment.