Developers: | Solar (formerly Rostelecom-Solar) |
Date of the premiere of the system: | 2025/04/14 |
Branches: | Information security |
Technology: | Information Security Management (SIEM) |
2025: Adverse Emulation Presentation
Solar will simulate attacks and show companies the weaknesses in their information security defenses. The company announced this on April 14, 2025.
According to Solar experts, the time between the emergence of a new vulnerability and the start of its exploitation by attackers is shrinking rapidly: where this used to take days, professional hackers now carry out an attack through a "fresh gap" in just a few hours. It is therefore important for companies to check not only their IT perimeter for weaknesses, but also the level of professionalism of their information security teams, so that they can see and react to a cyber attack in time. To solve this problem, Solar, the architect of comprehensive cybersecurity, has singled out cyber operations (Adverse Emulation) as a separate type of service. Such work clearly demonstrates whether the organization is ready, both technically and in terms of resources, for an attack by professional cybercriminals.
Adverse Emulation, or cyber operations, is a type of offensive security work. It bears similarities to Red Teaming, where the top priority is coaching the SOC team. Adverse Emulation, in turn, fully simulates complex attacks without notifying the defense team, in order to test not only the preparedness of the infrastructure but also the professional skills of the full-time incident response service. As part of the service, experts from the Solar Security Analysis Department simulate a targeted attack using the techniques and tactics of highly qualified cybercriminals.
The work takes place in several stages. The customer determines which elements of the infrastructure need to be accessed. After agreeing on the project's tasks, Solar experts begin collecting information about the infrastructure and preparing tools for the attack. Next, the "attackers" carry out the attack scenario: they look for a suitable vector for getting past the external perimeter and for ways to gain a foothold inside the network, elevate privileges and access target systems. Cyber operations also make it possible to simulate an attack not only in a digital environment, but also through physical penetration into the organization's premises.
After the cyber operation is completed, the organization receives a detailed report with the results of the work, details of the defense team's countermeasures and recommendations for fixing the vulnerabilities and shortcomings found. The work can last from one to several months, depending on the goals.
"Cyber operations is a service for large companies that already have an established, professional response team or their own monitoring center (SOC). The usual pentest (that is, basic penetration testing) is no longer enough for such organizations. It is important for them to understand what a potential attacker can do with the entry points he finds. And cyber operations clearly demonstrate the chains of exploitation of vulnerabilities and the negative impacts that attackers can carry out if they successfully penetrate the network. It is also important that such work allows us to assess the quality of monitoring and response processes, including the speed of response to incidents, and at what stage employees and monitoring tools will be able to identify and stop the attack," explained Alexander Kolesov, head of the security analysis department of Solar Group.