As the name suggests, "Assume Breach" represents a new approach to potential attack scenarios. It is based on the assumption that an attacker will definitely manage to gain a foothold in the company. The focus here is not on generally preventing attacks, but rather on proactively examining what impacts an attack could have and drawing conclusions from this.
The basic idea here is that it has become virtually impossible to protect a company from attacks, as practice shows time and time again: companies invest millions in defense and still get hacked. The reason is that real attackers and APTs are incredibly creative. They constantly program new exploits and find new types of vulnerabilities, and in the end there's always someone who opens the suspicious attachment.
What are the goals of Assume Breach?
The most important point here is to strengthen internal competence so that attacks and certain behavioral patterns within the corporate network can be detected more quickly. A core aspect of most attacks is also the spread within the internal network. With the help of assume breach scenarios, IT can better segment internal networks, and vulnerabilities are generally uncovered. Preventing or minimizing damage and data exfiltration is also a relevant point: assume breach scenarios help to improve firewalls and intrusion detection systems and thus detect attacks more quickly.
An assume breach scenario is much more similar to a real attack by an APT than a classic penetration test is. Here too, one would assume that the attacker is in the network because, for example, an employee clicked on a link or opened something.
What is the procedure for an Assume Breach assessment?
Together with the client, a scenario is usually defined. This could be, for example, a dissatisfied current employee (Insider Threat) who has VPN access to the network. Sometimes particularly vulnerable employee groups are to be tested. An example of this would be HR employees who often deal with job applications or email attachments. In such a scenario, it is assumed that the employee's PC is compromised and the attacker will try to spread from there.
What are the advantages of Assume Breach?
- Current security measures are tested under realistic conditions.
- Technical and organizational vulnerabilities can be specifically uncovered.
- Testing of detection and defense mechanisms and their optimization.
- Continuous adaptation of security measures based on test results and new threat scenarios.
- More effective than isolated penetration tests and broad red team exercises.