Cyber-attack simulation is the practice of testing an organization’s network security and incident response preparedness on-demand and without exploits to determine an organization’s security posture.
Cyber-attack simulation differs from many of the current and already practiced security controls such as Penetration Testing (pentesting), security assessment and table-top exercises. For example, pentesting makes use of exploitation code whereas cyber-attack simulation does not. In addition, cyber-attack simulation differs from a security assessments since the breach method used may not be from an actual vulnerability, it maybe in policy deficiencies or human-error. While in a table-top exercise a rehearsal of what your organization will do in the case of an emergency is conducted, but in a cyber-attack simulation it replicates the actions of an attacker.
SecurityOrb.com had the opportunity to interview Marcus j. Carey, the founder of vThreat, a cyberattack simulation start-up that offers its cyberattack simulation as a software-as-a service (SaaS) application on The SecurityOrb Show. Carey stated, “Vthreat offers its service on-demand, you can conduct an attack simulation anytime. You do not have to wait annually or quarterly as with some of the other services.”
vThreat has a free tier as well as paid tier delivery for its cyber-attack simulation service. One key attribute of vThreat’s cyber-attack simulation offering pertains to the non-use of software agents on organizational assets, instead they make use of the cloud or java-script snippets.
If you will like to meet Marcus to obtain more information about his Cyber-Attack Simulation service, he will be attending the upcoming ShmooCon 2016 on Jan. 15 to 17 at the Washington Hilton Hotel in Washington, DC.