
Data Breach Emulation Raises the Bar


posture to some extent, they fall short. Data breach simulation attacks use artificial network artifacts and replayed traffic and network activity. The problem is that many security products can see through the attempted deception. They are capable of recognizing fake traffic and activity and therefore discount or ignore it. They either treat the simulated attack as phony or identify it as non-malicious traffic and let the traffic pass through or block it as an invalid network stream. The result is not a comprehensive or valid assessment of how your security will withstand an actual attack. In fact, reliance on simulated attacks can create a false sense of security in situations where the simulated attack is arbitrarily blocked or detected, but in real life such an exploit or malware may get through defenses and do damage.

Data breach emulation, on the other hand, leverages tools, techniques, and procedures used by real-world attacks and malware to imitate an actual attack. Emulation uses the exploits, applications, and malware currently used by malicious actors, creating realistic attack scenarios that mimic what your network is likely to experience from a malicious attack.

“Assessing data breach readiness has been expensive, time-consuming and difficult, and plagued with gaps and deficiencies,” says Jon Oltsik, senior principal analyst, Enterprise Strategy Group. “Having the ability to use actual intruder activity on an ongoing basis to assess how live monitoring systems will perform is essential to knowing whether an organization can find an intruder before disaster strikes.”

Security Assessment with Data Breach Emulation

Data breach emulation provides enterprises with a more thorough and accurate assessment of their security posture. But to be effective, the real-world threats must actually be real-world. A good emulation tool relies on a repository of real attack threats that is continually updated to reflect what is happening right now. In other words, rather than relying on replayed traffic or fake network activity to expose your defenses to simulated attacks, effective data breach emulation uses threats that are in fact what an actual attacker puts on the wire.

In addition, useful data breach emulation assessments must use the threat repository in combination with knowledge of the latest emerging threats and experience defending against current attacks. The threats are important, but so are the techniques and procedures—the methods—on which attackers rely. It is this combination that makes data breach emulation assessment so powerful, providing you with a more thorough and accurate assessment of your security posture.

One new data breach emulation solution on the market is the Spirent CyberFlood Data Breach Assessment. The combination of an internal Security Services team, a Threat Research team, and external partnerships across the threat intelligence community enables Spirent to continuously collect and use a wide variety of real-world attack threats.

A report from 451 Research on CyberFlood’s Data Breach Assessment capabilities states that “CyberFlood’s ability to model the performance impact of various security events provides a good deal of value to large enterprises with complex network and security architectures. The company continues to increase its value to customers by expanding its capabilities to the attacks most relevant to its customer base, which is exactly what it did with the launch of its breach-emulation feature, which focuses on more sophisticated multi-layer attack campaigns.”

The 451 Research team also states that the data breach emulation capability builds on the existing strengths of CyberFlood and extends them to include automated Purple Team assessments. “This allows Data Breach Assessment to perform safe penetration tests from emulated attackers to emulated targets both controlled by CyberFlood, allowing enterprises to perform active monitoring within their networks.”

Data Breach Emulation Raises the Bar

To ensure that you’re prepared to defend against attackers, it’s important to continuously assess and validate network security. Unfortunately, many network security solutions are sophisticated enough to recognize and avoid simulated attacks. Data breach emulation raises the bar by using current, real-world exploits and attack techniques.

If you are evaluating the tools available for performing automated security assessments, understanding the distinction between data breach simulation and data breach emulation will help you make the right choice. Tools that rely on data breach emulation can provide valuable insight into how your security infrastructure will hold up against a real-world attack, making them a superior choice for Purple Team assessments.


