BAS In Action: NetSPI’s Breach and Attack Simulation Demo
In this video, NetSPI Vice President of Research Scott Sutherland provides a deep-dive demo of NetSPI’s Breach and Attack Simulation (BAS) tool. See our centralized detective control validation platform in action and learn how it gives companies the ability to create and execute custom procedures using proven technology and expert human penetration testers.
Ready to continuously simulate real-world attack behaviors, not just IoCs, and put your detective controls to the test in a way no other organization can? See BAS in action or schedule a 1:1 meeting with the NetSPI BAS team to get started.
Table of Contents
00:00 Introduction
Scott Sutherland explains market trends and gaps that led to the development of NetSPI’s Breach and Attack Simulation.
02:09 Vocabulary
Learn key concepts such as Procedure, Play, Playbook, Operation, and Agent, to set the stage for the rest of the video, ensuring that no matter your detective control experience, you understand the benefits and use cases of NetSPI’s Breach and Attack Simulation.
05:17 The Landing Page
Learn what it looks like when you first log in to NetSPI’s Breach and Attack Simulation platform. Clearly see summary information about your company’s detective control levels, what agents are active, what operations have recently been completed, and more.
Scott explains the most used features on this screen:
- Download Profile or Download Agent – Designed to make it easy to get started by completing downloads with a single click through our SaaS offering.
- Create Operation – Allowing you to learn what you have executed and measure detection levels throughout your organization.
- View Results – Jump back into the operation you last ran to view findings and pick up where you left off.
07:09 Play Execution
Learn how to execute a play using NetSPI’s Breach and Attack Simulation. We make it simple by organizing plays and procedures by MITRE ATT&CK phase, showing you each individual procedure, technique, when it was last run, and associated visibility levels.
Here, we also explain how to execute and automate plays within the platform.
11:58 Workspace
The Workspace is the main place where analysts and engineers will spend their time. Learn how NetSPI’s Breach and Attack Simulation is designed to enable and educate SOC teams by providing visibility levels, descriptions, business impact, verification instructions, detection improvement guidance, supporting resources, and more for each play within the MITRE ATT&CK framework.
The Activity Log feature centralizes project status, communications, and reporting between your teams.
Tags provide SOC teams the answer to the question, “Why does this matter?” by showing the Threat Actor, Tools, and Malware that use this specific attack.
Finally, data is organized within dynamic charts that update in real time, allowing your team to understand moment-in-time detection levels. These charts can also be exported for reporting purposes.
18:47 Timeline
Learn how the Timeline dashboard allows you to measure the effectiveness of detective controls over time and calculate return-on-investment over customizable time periods. Prove the value that investments, staffing, or process changes are delivering.
21:23 Heatmap
Learn how NetSPI’s Breach and Attack Simulation platform maps detection coverage capabilities to each phase of the cyber kill chain for each tactic or technique within the MITRE ATT&CK framework.
24:28 Operations
Learn how to customize the scope, procedures, plays, playbooks and reporting within an operation.
26:09 Create & Update
Learn how to create and edit operations for specific use cases, such as simulating specific threat behavior or subsets or categories of procedures and plays, or targeting specific techniques or procedures that you or your organization are concerned about.
32:25 Playbooks
Learn how to create playbooks within NetSPI’s Breach and Attack Simulation platform.