During an attack simulation, an attacker is simulated within a controlled setting.
For this purpose, targets are defined in advance, which an attacker team (the Red Team) tries to achieve. Possible targets here can be, for example, a company secret or access to a mission-critical server.
An attack simulation therefore not only identifies and reports individual vulnerabilities, but also puts existing security solutions and the response of the IT security department (the Blue Team) during security incidents to the test.
In this way, the company as a whole is tested during an attack simulation.