Breach and attack simulations (BAS) are used to assess the risk posed by different threats as well as the effectiveness of corresponding mitigation measures. Most simulation methods have two major downsides: they are highly intrusive tools, as they uses active IP and Port scanning as well as active exploitation tools and benign malware; and they have no means to prioritize the findings and advise what needs to be fixed first.
Radiflow proposed approach to BAS includes the ability to simulate “What-If” scenarios based on zone impact and threat likelihood to enable prioritizing mitigation measures. To facilitate this capability Radiflow’s OT-BAS simulations utilize a complete “digital image” of the production environment that encompasses vulnerabilities in assets, protocols, and network topology.
Radiflow’s CIARA platform offers Automated, Continuous, Consistent risk monitoring and reporting, utilizing, in addition to BAS, also OT digital network image, vulnerability mapping, threat adversary advanced persistent threat (APT), risk gap analysis, and compliance gap analysis and reporting.