Skip to main content
Opens in a new tab External site
Hero banner Banner

Adversary Simulation

What is Adversary Simulation?

Adversary simulation, also known as adversary emulation, is the practice of security experts impersonating the actions and behaviors of skilled cyber threat actors to attack an organization’s information technology or operational technology environment. Using real-world attacker breach techniques and a feedback loop from the organization’s security stack, adversary simulation exercises help test and improve cyber resilience against attacks such as ransomware and persistent threats.

Adversary simulation is considered a highly effective way to holistically test an organization’s cyber resilience by assessing its ability to prevent, detect, and respond to real-world threats and attacks in a simulated breach scenario. The simulation results provide security leaders with data points to make more informed decisions on risk and cyber resiliency and to help prioritize budgets based on validated evidence derived from testing the effectiveness of their security controls.

How Does Adversary Simulation Work?

Adversary simulation empowers organizations to more accurately assess cyber risk and vulnerabilities by impersonating a variety of attacker tools, techniques and procedures across various scenarios and adversary profiles to test the effectiveness of security controls in any given environment.

By integrating into an organization’s security technology stack, adversary simulation can help drive in-depth analyses of successful vs. blocked attacks, provide better visibility into the efficacy of an organization’s defensive controls and security monitoring programs, and help paint a picture for a data-driven risk prioritization and remediation strategy.

Effective adversary simulation can lead to the following outcomes:

Identification of existing gaps in an organization’s security controls and security monitoring program.

Evaluation of an organization’s cyber defenses and to help provide an in-depth strategy for mitigating risk from attacks.

Validate the effectiveness of security programs, tools, and specific controls against industry-specific attacker techniques.

Enhancement of security monitoring and detection capabilities.

Why Every CISO Should Consider Adversary Simulation

As organizations grow their digital footprint to support critical business functions, the risk of attacks on digital infrastructure increases proportionately. Adversary simulation allows chief information security officers (CISOs) to pivot from a reactive implementation of defensive controls and security tools – which is a never-ending game of catch-up – to a more proactive, strategic and data-driven approach to risk prioritization and mitigation. Here’s why an investment in adversary simulation services should be on every CISO’s agenda:

  • Identify and track an organization’s attack surface available to attackers, thereby helping to reduce exposure to a variety of harmful threat actors significantly.
  • Validate an organization’s security stack and help identify gaps that may exist so that future technology investments can be based on more quantitative data points.
  • Improve cyber resilience following a cyber breach event.
  • Validate the effectiveness of security programs, tools and specific controls against industry-specific attacker techniques.
  • Help Identify and remediate blind spots and gaps in an organization’s security monitoring program. Make better decisions using empirical data derived from simulations to help maximize the return on security investment.

How Aon Can Help

Designed to provide cyber security teams with the real-world feel of a targeted attack – minus the consequences or costs of an actual breach – Aon’s cyber threat simulation services can help strengthen an organization’s response to sophisticated threat actors. Adversary simulation results can be used to highlight your organization’s cyber resilience to the underwriters on your cyber/E&O program through a data-driven approach. In fact, we are reinforcing with clients the importance of heightened cyber vigilance given the current threat landscape. We recommend that every CISO consider regular adversary simulation exercises to enhance their organization’s cyber resilience.

Aon’s diverse team brings a unique set of capabilities and experiences in digital forensics, law enforcement techniques, security advisory and risk management – all working together to help build more effective programs centered on the unique needs of your business.

Our adversary simulation services can help your organization:

Take a more data-driven approach to enhancing cyber security programs.
Ensure validation of existing security controls against ransomware, business email compromise, and data exfiltration attacks.
Provide security leadership with the data points needed to make more informed investment decisions.
Provide meaningful insights into specific aspects of security design that are effective against threat actor activity.
Ensure better prioritization of limited resources.


Broad Variety of Adversary Simulation Techniques

Improving the overall cyber security of an organization’s digital infrastructure to help safeguard against sophisticated and evolving attacks to be better prepared against advanced persistent threats.

At Aon, we have access to a comprehensive library that spans over 25,000 breach techniques. Our team can impersonate more than 100 threat actors, simulating their respective breach techniques. This library can help bolster an organization’s cyber defenses by identifying vulnerabilities and providing actionable data points for remediation.

Enhanced Blue Team Integration and Collaboration

As your blue team prepares to defend against and respond to possible cyber intrusions and attacks, keeping up with increasingly sophisticated adversaries and the latest evolving attack methods can be challenging.

At Aon, we offer data-driven blue team enhancement through integration capabilities with 40-plus tools, allowing security teams to work with us collaboratively to pinpoint gaps in their technology stack. Doing so helps determine if a simulated attack was blocked, detected or entirely missed by the client’s security ecosystem.

Industry-Specific Scenario Modeling

Our adversary simulation services cover more than 15 industry-specific scenarios, with tailored attack chains emulating the MITRE Top 16 tactics, techniques and procedures for your particular industry so your team can understand and resolve precise weaknesses.

Post-Breach Containment

We routinely assist clients with post-breach containment efforts. Adversary simulation testing can be used in those efforts to help drive data-driven risk prioritization and remediation strategies using critical data points to identify blind spots and bolster cyber resilience.

Insights From Aon

The Cyber Loop: A Model for Sustained Cyber Resilience

The Cyber Loop: A Model for Sustained Cyber Resilience

Ransomware Isn’t Just About Data: The Rising Risk of Cyber Business Interruption

Ransomware Isn’t Just About Data: The Rising Risk of Cyber Business Interruption

Deepfakes and Cyber Espionage: Is That Really Your Boss on the Phone?

Deepfakes and Cyber Espionage: Is That Really Your Boss on the Phone?

Talk to Our Team

If you are interested in learning more about adversary simulation or other approaches for establishing a comprehensive approach to cyber resilience, please complete the form below. A member of our team will be in touch shortly.

Aon and other Aon group companies will use your personal information to contact you from time to time about other products, services and events that we feel may be of interest to you. All personal information is collected and used in accordance with our privacy statement.

Please click here to manage your communication preferences.



General Disclaimer
This material has been prepared for informational purposes only and should not be relied on for any other purpose. You should consult with your own professional advisors or Technology Department before implementing any recommendation or following the guidance provided herein. Further, the information provided and the statements expressed are not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information and use sources that we consider reliable, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future.

About Us
Cyber security services are offered by Stroz Friedberg Inc., its subsidiaries and affiliates. Stroz Friedberg is part of Aon’s Cyber Solutions, which offers holistic cyber risk management, unsurpassed investigative skills, and proprietary technologies to help clients uncover and quantify cyber risks, protect critical assets, and recover from cyber incidents.