Threat Simulation

Realistic attack scenarios, tailored to your industry


In a Threat Simulation, we replicate the tactics, techniques, and procedures (TTPs) of real threat actors in a controlled environment. The goal: test your defenses against the most relevant threats for your industry – before a real attacker does.

What is a Threat Simulation?


A Threat Simulation is a controlled security exercise where we replicate the behavior of known threat actor groups (APTs). Unlike a penetration test that identifies vulnerabilities, a Threat Simulation measures your organization's detection and response capabilities under realistic conditions.

Who Is This For?


Sector-Specific Scenarios


Finance

Simulation of APT groups targeting banking systems, SWIFT networks, and payment processing. Test your defenses against industry-specific threats.

Healthcare

Ransomware scenarios targeting patient data and medical devices. We test whether your critical systems withstand a targeted attack.

Manufacturing & OT

Attacks on industrial control systems (ICS/OT), supply chain compromises, and production disruptions – realistic scenarios for your manufacturing environment.

Available Modules


Assumed Breach Simulation

We start with an already compromised endpoint and test how far an attacker can advance in the network. Ideal for testing internal segmentation and detection.

Spear Phishing Campaign

Targeted phishing attacks on selected employees to test the effectiveness of awareness training and technical email filters.

Physical Social Engineering

Attempts to gain physical access to your buildings – through tailgating, forged badges, or social engineering at the reception.

Malware Infection Simulation

Simulation of a malware infection to test whether your endpoint security and SOC processes can detect and contain a compromise.

External Attack Chain

Complete external attack chain: reconnaissance, initial access, privilege escalation, and data exfiltration – an end-to-end simulation of an external attacker.

Our Methodology


01 Threat Intelligence

Analysis of current threats and attack patterns for your industry and infrastructure.

02 Scenario Development

Tailored attack scenarios based on real threats and your specific environment.

03 Simulation

Controlled execution of scenarios focusing on detection, response, and containment.

04 Analysis & Reporting

Detailed evaluation of detection rates, response times, and improvement opportunities.

From Our Engagements


Anonymized engagement example

A Swiss insurance company. 15 ATT&CK techniques. Only 4 detected.

Eleven missing detection rules implemented, thresholds corrected, three blind log sources connected. Detection rate improved from 27% to over 75%.

Detection rate: 27%
Eleven missing detection rules
Three blind log sources
Industry: Insurance
Scenario: APT Simulation
Duration: 5 days

A Swiss insurance company wants to test whether their security monitoring detects targeted attacks. 15 techniques from the MITRE ATT&CK framework particularly relevant to the industry are simulated — from initial access through credential dumping to data exfiltration.

Key Findings
  • Critical: Only 4 of 15 simulated techniques are detected by the SIEM. Credential dumping (Mimikatz) and lateral movement (pass-the-hash) go completely undetected.
  • High: Alerting rules for PowerShell-based attacks exist but are ineffective because their thresholds are set too high.
  • Medium: Log sources from 3 critical servers are not connected to the SIEM, leaving blind spots in monitoring.

How It Differs from Pentesting


Criteria  | Penetration Test         | Threat Simulation
Scope     | Defined systems          | Scenario-based, industry-specific
Duration  | Days to weeks            | Weeks to months
Objective | Identify vulnerabilities | Measure detection & response
Stealth   | Not required             | Realistic attacker behavior

Your Deliverables


Threat Assessment Report

Comprehensive analysis of simulated threats with assessment of detection and response capabilities.

Attack Path Analysis

Documentation of simulated attack chains with timeline and detection gaps.

Detection Gap Analysis

Identification of gaps in your detection mechanisms with concrete improvement recommendations.

Prioritized Recommendations

Actionable recommendations to improve your detection and response capabilities, ordered by priority.

from CHF 8,000

Typical duration: 1–2 weeks

Frequently Asked Questions


A threat simulation replicates the tactics, techniques, and procedures (TTPs) of real threat groups (APTs). Unlike a pentest that looks for vulnerabilities, a threat simulation specifically tests whether your security measures are effective against known attack patterns. The scenarios are based on frameworks like MITRE ATT&CK.

Yes. We analyze the threat groups relevant to your industry and their documented attack methods. The scenarios are based on current threat intelligence data and the MITRE ATT&CK framework. This way, we specifically test the attack vectors that pose the greatest risk to your organization.

You receive a detailed report with an overview of the tested scenarios, the detection rate of your security measures, and concrete recommendations. In the final debriefing, we discuss the results with your team and identify gaps in the detection chain – from initial access to data exfiltration.

Absolutely. We tailor every threat simulation to your industry – whether finance, healthcare, manufacturing, or public administration. The scenarios take into account industry-specific threat actors, regulatory requirements, and typical attack patterns in your sector.