What is breach and attack simulation (BAS)?
Breach and attack simulation (BAS) automatically runs known attacker techniques against live controls to verify that detection and prevention work as designed.
Key takeaways
- BAS is automation. It executes a library of attacker techniques against the live environment on a schedule.
- The output is not a list of vulnerabilities; it is a measurement of whether existing controls detect and stop known behavior.
- BAS coverage is broad on technical TTPs and thin to absent on social engineering, physical access, and novel attack chains.
- BAS is one input to a security program. It is not a substitute for a red team engagement, continuous penetration testing, or continuous adversarial simulation.
- The right way to use BAS in a mid-market manufacturer is as the always-on technical control-validation layer, with human-led testing layered above it.
How does breach and attack simulation work?
A BAS platform installs a lightweight agent (or several) inside the environment. The agent receives instructions from the platform to perform a sequence of actions that simulate a specific attacker technique: drop a file with a known malicious pattern in a benign location, attempt a credential dump against a test account, beacon to a known C2 simulator, attempt lateral movement to a specified host, exfiltrate a benign data sample to a controlled endpoint.
Each action is mapped to a specific MITRE ATT&CK technique and a specific control that should detect or prevent it. After the action runs, the platform compares its own log of what happened to the data the organization's controls produced. If the EDR caught the credential dump, that is recorded as a pass. If it did not, that is recorded as a gap, with the technique, the time, the host, and the missing control identified.
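The comparison step described above, as an added example that is not code from the article or any BAS vendor: the platform keeps its own record of what the agent did and joins it to the telemetry the organization's controls emitted, scoring each action as prevented, detected, or a gap. The record layouts, the technique ids chosen, the host name, the control names and the timestamps are all constructed for illustration.

```python
"""Added example, not code from the article or any BAS vendor: the
pass/gap comparison a platform performs after each simulated action.
Record layouts and all sample data below are constructed for illustration."""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class AgentAction:
    """One simulated technique run, as logged by the BAS agent itself."""
    technique: str           # ATT&CK technique id the action maps to
    host: str                # host the agent ran it on
    ran_at: datetime
    expected_control: str    # control that should detect or prevent it


@dataclass
class ControlEvent:
    """One alert or block reported by a control (EDR, SIEM, proxy, ...)."""
    control: str
    host: str
    technique: str           # id the control tagged the event with
    seen_at: datetime
    outcome: str             # "blocked" or "alerted"


def evaluate_run(actions, events, window=timedelta(minutes=5)):
    """Score every agent action as 'prevented', 'detected' or 'gap'.

    An event counts only if it comes from the control that was expected to
    fire, on the same host, tagged with the same technique, and lands within
    `window` after the action ran (the window is a design choice; an alert
    that arrives long after the action is treated as a miss).  A gap record
    keeps the technique, host, time and missing control so it is actionable.
    """
    results = []
    for a in actions:
        matched = [
            e for e in events
            if e.control == a.expected_control
            and e.host == a.host
            and e.technique == a.technique
            and a.ran_at <= e.seen_at <= a.ran_at + window
        ]
        if any(e.outcome == "blocked" for e in matched):
            status = "prevented"
        elif matched:
            status = "detected"
        else:
            status = "gap"
        results.append({
            "technique": a.technique,
            "host": a.host,
            "ran_at": a.ran_at.isoformat(),
            "control": a.expected_control,
            "status": status,
        })
    return results


def gaps(results):
    """Only the failures, ready to hand to the owner of the missing control."""
    return [r for r in results if r["status"] == "gap"]


# --- constructed sample run (hosts, times and events are invented) -----------
T0 = datetime(2024, 1, 15, 23, 0)
SAMPLE_ACTIONS = [
    AgentAction("T1003.001", "WS-FIN-07", T0, "edr"),                           # LSASS dump
    AgentAction("T1021.002", "WS-FIN-07", T0 + timedelta(minutes=1), "siem"),   # SMB lateral move
    AgentAction("T1048.003", "WS-FIN-07", T0 + timedelta(minutes=2), "proxy"),  # exfil of benign sample
]
SAMPLE_EVENTS = [
    ControlEvent("edr", "WS-FIN-07", "T1003.001", T0 + timedelta(seconds=3), "blocked"),
    # The SIEM did fire on the SMB move, but 40 minutes later: outside the window, so a gap.
    ControlEvent("siem", "WS-FIN-07", "T1021.002", T0 + timedelta(minutes=41), "alerted"),
    ControlEvent("proxy", "WS-FIN-07", "T1048.003", T0 + timedelta(minutes=3), "alerted"),
]

if __name__ == "__main__":
    for record in evaluate_run(SAMPLE_ACTIONS, SAMPLE_EVENTS):
        print(record)
```

Run on the sample data, the credential dump scores as prevented, the exfiltration as detected, and the lateral-movement test as a gap even though the SIEM eventually alerted: the late alert is exactly the kind of result a daily cadence surfaces and an annual test would never see.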
The platform's value is in three dimensions:
- Coverage. A modern BAS library includes hundreds of techniques across the ATT&CK matrix, refreshed regularly as new TTPs are published.
- Cadence. Tests run daily or weekly, not annually, which means a control regression (an updated policy that broke a detection, a new exclusion rule, a deployment that disabled a sensor) is caught in days instead of waiting until the next pen test.
- Repeatability. The same technique can be re-run after remediation to confirm the fix worked, against the exact same conditions.
Some BAS platforms also exercise email and web security controls by delivering benign analogs of real phishing payloads to test inboxes and clicking through to test URLs. This overlaps with email security testing but is narrower than phishing simulation against named individuals.
BAS vs red teaming vs penetration testing
These three terms are often used interchangeably. They are not the same.
| Discipline | What it answers | How it works | Cadence |
|---|---|---|---|
| Penetration testing | "Which of these systems are exploitable in this window?" | Human tester, scoped assets, time-boxed | Annual or semi-annual |
| Red team engagement | "Could a motivated adversary accomplish X, and how would we know?" | Human team, objective-based scope, full attack surface | Annual or one-off |
| Breach and attack simulation (BAS) | "Do our existing controls catch known attacker techniques right now?" | Automated agents, library of techniques, control-validation focus | Continuous (daily or weekly) |
A pen test finds vulnerabilities the organization did not know about. A red team finds attack chains the organization did not anticipate. BAS finds control drift the organization did not notice. Each answers a different question. The mistake most often made is assuming BAS replaces the other two; it does not.
Why BAS alone is not enough for mid-market manufacturers
BAS is necessary. It is not sufficient. For a mid-market manufacturer building a security program, four limits matter:
- The library is bounded. A BAS platform tests what it knows. Novel attack chains, organization-specific workflow abuse, vendor-of-the-vendor attacks, and attacker improvisation are outside its scope. A motivated adversary will construct attacks the library does not contain.
- The human surface is excluded. A finance lead clicking a vendor-invoice lure, a help desk technician resetting a password during a vishing call, an executive entering credentials into a forged Microsoft 365 page: none of these are BAS findings. Yet they are the dominant initial-access path in the breaches mid-market manufacturers actually suffer. See What is spear phishing? and What is vishing?.
- The physical surface is excluded. Tailgating, badge cloning, pretext entry, and on-site reconnaissance are not BAS techniques. For a manufacturer with a physical facility and operational technology, this is half the attack surface.
- Detection passes do not equal real-world detection. A BAS platform tests whether the EDR alerts when a known technique runs against a known agent on a known host. Whether a tired analyst, at 11 p.m., across a tenant of 800 endpoints, will triage that alert correctly and escalate it within thirty minutes is a different question. BAS does not answer it.
The right way to use BAS is as the technical control-validation layer, running constantly. The findings from BAS feed into the same program that runs adversarial simulation against people and physical access. See What is adversarial simulation? for how these layers fit together.
Examples of attacks BAS tools simulate
A representative sample of what a BAS platform exercises against a typical mid-market environment:
- Endpoint: Mimikatz-style credential dumps, AMSI bypass attempts, suspicious PowerShell encoding, LSASS access, scheduled-task persistence, common ransomware staging patterns.
- Email: Delivery of benign analogs of malicious attachments (Office macros, ISOs, OneNote payloads), credential-harvest landing pages, OAuth consent flows.
- Network: Lateral movement via SMB, WinRM, RDP; suspicious internal port scans; SMB signing weakness probes; protocol-tunnel C2 simulation.
- Identity: Brute force against test accounts, password spraying against a small target list, anomalous geolocation logon attempts, MFA bypass simulations.
- Cloud and SaaS: Suspicious OAuth token use, anomalous mailbox rule creation, mass file download from cloud storage, suspicious admin actions.
- Data exfiltration: DNS tunneling, HTTPS exfiltration of benign data samples, encoded payload egress through allowed channels.
Each test is run against the live environment with safe payloads, in a way that produces telemetry without causing operational impact. A well-run BAS program tracks each technique by control, owner, and remediation status over time.
How to evaluate a BAS platform or service
For a mid-market manufacturer evaluating BAS:
- Coverage breadth and freshness. How many ATT&CK techniques are covered, and how often is the library updated? New TTPs should appear in the library within weeks of public disclosure, not quarters.
- Control-mapping clarity. Does the platform map each technique to a specific control (EDR, email gateway, SIEM rule, IAM policy) so that a gap is actionable, not abstract?
- Agent footprint and stability. What runs on production hosts, how is it updated, and what happens if the agent fails. A BAS agent that introduces operational risk to OT-adjacent IT systems is a non-starter for manufacturing.
- Integration with the organization's actual stack. EDR (Defender, CrowdStrike, SentinelOne), SIEM (Sentinel, Splunk, Elastic), email security (Defender for Office, Proofpoint, Mimecast). The point is to validate the stack you actually run.
- Trend and regression reporting. Are detection rates getting better over time? Did a recent policy change cause a regression? Can the report go directly to a board or insurance underwriter without translation?
- Out-of-scope honesty. Vendors that claim BAS replaces a red team are not credible. The right vendor will tell you what BAS does not test.
- Total cost. Licensing plus operational cost: someone has to triage findings, plan remediation, and re-test. A BAS platform without an owner is shelfware.
Best practices for running BAS continuously
For an organization deploying or operating BAS:
- Start with detection, not prevention. Initial BAS deployment in a mid-market environment usually shows that prevention works for common techniques and detection is patchier. Tune for detection coverage first; prevention coverage follows.
- Set a regression alarm. Any detection that was passing and starts failing is an event. A BAS regression usually means a configuration change broke something. Catch it in days.
- Tie findings to MITRE ATT&CK groups, not just techniques. Coverage against a specific technique is interesting; coverage against the TTPs used by the specific groups likely to target your sector (ransomware affiliates, BEC operators, supply chain actors) is actionable.
- Run continuously, not in bursts. Daily or weekly cadence. The point of BAS is to be the always-on layer; running it quarterly defeats the model.
- Loop findings into incident response readiness. Each BAS finding is an opportunity to practice the incident response plan: does the alert route to the right analyst, does the playbook fit, does the escalation work.
- Combine BAS evidence with manual testing in renewal packages. Underwriters give credit for evidence that controls are validated continuously. See What is cyber insurance underwriting?.
- Replace findings with remediation, not exclusions. A finding that gets "accepted" with an exclusion rule is technical debt. Track exclusions as their own backlog.
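The regression alarm, the group-level coverage view, and the exclusion backlog from the list above, as one added example (not the article's or any vendor's code). The run results, the technique ids chosen, and the group-to-technique mapping are constructed for illustration; a real program would build the mapping from the ATT&CK group profiles relevant to its sector.

```python
"""Added example, not code from the article or any BAS vendor: trend and
regression reporting over two consecutive BAS runs.  All data below is
constructed for illustration."""

PASSING = {"detected", "prevented"}


def find_regressions(previous, current):
    """Techniques that passed last run and do not pass now.

    This is the alarm condition: a pass turning into a gap (or into an
    exclusion) usually means a configuration change broke a control.
    """
    return sorted(
        t for t, status in current.items()
        if status not in PASSING and previous.get(t) in PASSING
    )


def find_improvements(previous, current):
    """Techniques that failed last run and pass now, i.e. remediation confirmed."""
    return sorted(
        t for t, status in current.items()
        if status in PASSING and previous.get(t) not in PASSING
    )


def exclusion_backlog(current):
    """Findings 'accepted' via an exclusion rule, tracked as their own debt."""
    return sorted(t for t, status in current.items() if status == "excluded")


def group_coverage(current, group_techniques):
    """Per threat-group profile: (caught, total, uncaught technique ids).

    A technique the program has never run counts as uncaught; unknown
    coverage is not coverage.
    """
    report = {}
    for group, techs in group_techniques.items():
        uncaught = [t for t in techs if current.get(t) not in PASSING]
        report[group] = (len(techs) - len(uncaught), len(techs), uncaught)
    return report


# --- constructed sample data --------------------------------------------------
PREVIOUS_RUN = {
    "T1003.001": "prevented",  # LSASS credential dump
    "T1059.001": "detected",   # encoded PowerShell
    "T1021.002": "detected",   # SMB lateral movement
    "T1110.003": "gap",        # password spraying against test accounts
    "T1053.005": "detected",   # scheduled-task persistence
}
CURRENT_RUN = {
    "T1003.001": "prevented",
    "T1059.001": "gap",        # regression: a policy change silenced the rule
    "T1021.002": "detected",
    "T1110.003": "detected",   # improvement after remediation
    "T1053.005": "excluded",   # "accepted" with an exclusion rule: technical debt
}
# Constructed group profiles: names and membership are illustrative only.
GROUP_TECHNIQUES = {
    "ransomware-affiliate-profile": ["T1003.001", "T1021.002", "T1059.001", "T1053.005"],
    "bec-operator-profile": ["T1110.003", "T1114.003"],   # T1114.003 was never run
}

if __name__ == "__main__":
    print("regressions:", find_regressions(PREVIOUS_RUN, CURRENT_RUN))
    print("improvements:", find_improvements(PREVIOUS_RUN, CURRENT_RUN))
    print("exclusion backlog:", exclusion_backlog(CURRENT_RUN))
    for group, (caught, total, missing) in group_coverage(CURRENT_RUN, GROUP_TECHNIQUES).items():
        print(f"{group}: {caught}/{total} caught, uncaught={missing}")
```

The two regressions in the sample are the PowerShell rule that stopped firing and the persistence test that was "accepted" with an exclusion; both show up in the alarm, and the exclusion also lands in its own backlog so it cannot quietly become permanent. Counting never-run techniques as uncaught keeps the per-group number honest when the library or the schedule leaves a gap.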
Breach and attack simulation FAQs
Is BAS the same as a vulnerability scan?
No. A vulnerability scan looks for known weaknesses in software and configuration. BAS executes attacker behavior (lateral movement, credential abuse, exfiltration patterns) and measures whether detection and prevention controls catch it. A scan tells you what is wrong; BAS tells you whether your controls notice an attack in progress.
Can BAS replace a penetration test?
No. BAS validates whether known techniques are caught by existing controls; it does not discover new attack chains, model attacker creativity, or test the human and physical surfaces. BAS, penetration testing, and red teaming are complementary, not substitutes.
What MITRE ATT&CK techniques does BAS exercise?
Most BAS platforms exercise techniques across Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, and Exfiltration. Coverage of the Impact tactic (encryption, destruction) is usually limited to safe equivalents.
Does BAS test social engineering?
BAS platforms can deliver phishing payloads for testing email security controls, but they do not exercise the human surface in the way social engineering simulation does. Phishing simulation, vishing simulation, and pretexting exercises remain separate disciplines.
How ARG combines BAS with human-led adversarial simulation
ARG treats BAS as one technical layer inside a continuous adversarial simulation program. It does not stand alone, and it is not the differentiator. The differentiator is what runs above it.
Below the line, automated control validation runs daily across endpoint, identity, email, and network controls. Detection regressions surface in days, not quarters. The findings feed the monthly operational packet.
Above the line, human-led testing covers the surfaces BAS cannot reach: social engineering against named targets (What is AI-personalized spear phishing?), vishing and voice cloning (What is deepfake vishing?), physical pretext entry, badge work, and novel attack chains tuned to the specific facility and workforce.
The two layers share the same MITRE ATT&CK taxonomy, the same finding format, and the same delivery cadence. The client sees one report, one trendline, and one remediation backlog, regardless of whether a given finding came from an automated probe or an operator.
For mid-market manufacturers building a security program from a compliance baseline, this combination is the practical answer to "do our controls actually work". The automated layer answers it daily for the technical surface. The human layer answers it for the people, the process, and the physical access.
ARG runs continuous AI-driven adversarial simulation and on-site physical audits for mid-market manufacturers. Two founding-client spots remain.