RidgeBot® ACE to Measure Security Controls’ Effectiveness
![](https://ridgesecurity.ai/wp-content/uploads/icn-assessment@2x-8.png)
Assessment Means: Botlet
Botlet is a software agent that can simulate real-world cyber-attacks without any real harm or impact for customer IT environment.
![](https://ridgesecurity.ai/wp-content/uploads/icn-test-script@2x-8.png)
Assessment Test Script
A group of scripted behaviors carried out by Botlet to simulate a specific cyber-attack or to validate the security controls.
![](https://ridgesecurity.ai/wp-content/uploads/icn-key-measures@2x-8.png)
Key Measurement: Block Rate
The ratio of blocked scripts vs all assessment scripts executed during a RidgeBot® ACE testing.
ACE Attack Simulation Scenarios
Endpoint Security
RidgeBot® Botlet simulates the behavior of malicious software or downloads malware signatures to validate
the security controls of the target endpoints.
Data Exfiltration
RidgeBot® Botlet simulates the unauthorized movement of data from your server—for example, personal data, financial, confidential, software source codes, and more.
Active Directory Information Recon
RidgeBot® Botlet simulates an attacker to gather useful resources in Windows Active Directory for elevated
privilege, persist, and plundering information.
Measuring Security Controls’ Effectiveness with RidgeBot® ACE
Endpoint Security Scenario
![scr-ACE-security-control-effectiveness](https://ridgesecurity.ai/wp-content/uploads/scr-ACE-security-control-effectiveness.png)
- Botlet is a software agent that can simulate real-world cyber attacks without any real harm or impact for customer IT environment.
- A group of scripted behaviors carried out by Botlet to simulate a specific cyber attack or to validate the security controls.
Key Measurement: Block Rate
- The ratio of blocked scripts vs all assessment scripts executed during a RidgeBot® ACE testing
- A Test result with higher Block Rate indicates better security controls.
Measuring Data Exfiltration Effectiveness with RidgeBot® ACE
Data Exfiltration Scenario
![scr-ACE-upload-for-testing](https://ridgesecurity.ai/wp-content/uploads/scr-ACE-upload-for-testing.png)
User can upload 5 types of sensitive data to test the exfiltration of those files can be blocked or not
Validate Security Control Effectiveness
- Overall Block Rate Trend
- Block Rate per Target
- Result Overview per Threat Group
- Result Overview per MITRE ATT&CK Tactic
- Result Overview per MITRE ATT&CK Technique
![scr-ACE-security-control-effectiveness](https://ridgesecurity.ai/wp-content/uploads/scr-ACE-security-control-effectiveness-2.png)
![scr-ACE-mitigation-suggestions](https://ridgesecurity.ai/wp-content/uploads/scr-ACE-mitigation-suggestions.png)
RidgeBot® ACE provides descriptions and mitigation suggestions for un-blocked assessment tests
ACE Risk Assessment result with higher block rate indicates better security control in customer IT environment.
Please complete the form to download the OWASP report.