# Simulation-Based Cyber Data Collection Efficacy

**Authors:** David Thaw, Bret Barkley, Gerry Bella, and Carrie Gardner

arXiv: 1905.09336 · 2019-05-24

## TL;DR

This study uses a realistic simulation of a small business network with default security settings to evaluate cyber attack efficacy, finding that such networks may remain secure without additional defenses.

## Contribution

It demonstrates the effectiveness of default security configurations in a realistic network simulation, challenging assumptions about inevitable hacking.

## Key findings

- No breaches occurred during the simulation
- Default security settings provided sufficient protection
- Realistic network modeling informs cybersecurity strategies

## Abstract

Building upon previous research in honeynets and simulations, we present efforts from a two-and-a-half-year study using a representative simulation to collect cybersecurity data. Unlike traditional honeypots or honeynets, our experiment utilizes a full-scale operational network to model a small business environment. The simulation uses default security configurations to defend the network, testing the assumption that given standard security baseline, devices networked to the public Internet will necessarily be hacked. Given network activity appropriate for its context, results support the conclusion that no actors where able to break in, despite only default security settings.

---
Source: https://tomesphere.com/paper/1905.09336