Attack Simulator
Once you integrate Detection and Response services into your web application, it's critical to assess vulnerabilities and tailor your risk mitigation policies to your app's needs. To address this task, we developed the Attack Simulator, which simulates real-world attack scenarios using mock data derived from your webpages. This tool enables you to explore potential threats and plan your security measures.
Usage and benefits
With the Attack Simulator, you can:
- Simulate a diverse range of known attack vectors, including those from bots, emulators, spoofed devices, and virtual machines, to identify potential security threats.
- Explore the impact of potential attack types on your application at each stage of the user journey, such as login, registration, and transactions, ensuring comprehensive security coverage.
- Gather telemetry data to refine your investigation strategies, enabling proactive detection and mitigation of threats that stem from the widespread use of device emulators, proxies, and other cloaking tools.
Find the Attack Simulator at Admin portal > Detection and Response > Attack Simulator.
Designing your simulation
The Attack Simulator allows you to simulate attacks using mock data generated entirely by our backend based on the selected attack scenario. We recommend that you run attack simulations specifically crafted to match both the scope of the webpage and plausible scenarios aligned with your business activity. For instance, simulate attacks on the login page to observe how Detection and Response services detect attacks carried out using spoofed devices that manipulate telemetry information in an attempt to gain unauthorized access to user data.
Analyzing simulation data
Once attack simulations are executed, the simulation traffic is fed into your Mosaic tenant. Mock data is displayed in the Detection and Response Overview, providing you with a real-life experience of risk detection in the Admin portal. From there, you can use the generated mock data for analytical purposes:
- Analyze trends and patterns, such as common reasons for "deny" recommendations, to identify potential areas of concern.
- Review the context of each specific recommendation to understand the key factors that led to the decision (e.g., telemetry data highlighting the use of proxies or emulators). For details about each recommendation, go to the Recommendations section.
- Filter data of interest (e.g., by specific moments in the user journey or by recommendation types) and export it to CSV for offline analysis or reporting purposes.
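The offline analysis described in the list above can be scripted against the CSV export. The following is an added example, not part of the product or its documentation: it computes the deny rate and the most common deny reasons per user-journey stage. The column names (`action_type`, `recommendation`, `reason`) and the sample rows are assumptions constructed for illustration; adjust them to the header of your actual export.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample export. The column names (action_type, recommendation,
# reason) and all values are assumptions; match them to your real CSV header.
SAMPLE_EXPORT = """timestamp,action_type,recommendation,reason
2024-05-01T10:00:00Z,login,deny,emulator
2024-05-01T10:00:05Z,login,deny,proxy
2024-05-01T10:00:09Z,login,allow,
2024-05-01T10:01:00Z,login,deny,emulator
2024-05-01T10:02:00Z,register,challenge,virtual_machine
2024-05-01T10:03:00Z,register,deny,bot
2024-05-01T10:04:00Z,transaction,allow,
2024-05-01T10:05:00Z,transaction,deny,spoofed_device
"""

def summarize(export_file):
    """Return {stage: {"total", "deny", "deny_rate", "top_reasons"}}."""
    totals = Counter()
    deny_reasons = defaultdict(Counter)
    for row in csv.DictReader(export_file):
        # Normalize case and whitespace so "Login " and "login" count together.
        stage = (row.get("action_type") or "unknown").strip().lower()
        totals[stage] += 1
        if (row.get("recommendation") or "").strip().lower() == "deny":
            # Keep denies with an empty reason visible instead of dropping them.
            reason = (row.get("reason") or "").strip().lower() or "unspecified"
            deny_reasons[stage][reason] += 1
    summary = {}
    for stage, total in totals.items():
        denies = sum(deny_reasons[stage].values())
        summary[stage] = {
            "total": total,
            "deny": denies,
            "deny_rate": round(denies / total, 2),
            "top_reasons": deny_reasons[stage].most_common(3),
        }
    return summary

if __name__ == "__main__":
    for stage, stats in sorted(summarize(io.StringIO(SAMPLE_EXPORT)).items()):
        print(stage, stats)
```

To run it on a real export, pass an open file handle (for example `open("export.csv", newline="")`) to `summarize` instead of the inline sample.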
Example simulation
Here's an example of an attack simulation.