Platform

What is cyber attack simulation?

Cyber attack simulation models how a breach could unfold against your actual environment, before an attacker does. Probabilistic approaches use agent-based modeling, discrete-event simulation, and Monte Carlo methods to produce distributions of outcomes — surfacing single points of failure, blast radius, weak points, and an overall resilience score rather than a single guess.

Penetration tests and red-team exercises are valuable, but they are point-in-time and narrow: a snapshot of what a skilled human found during a defined window. Environments change daily, and the next finding may be in a corner no one tested. Simulation complements those exercises by letting you run many attacks against a model of your environment, as often as you like.

The goal is not to predict the exact future, but to understand the shape of what could happen — which paths are most dangerous, which assets are most exposed, and where one failure cascades into many.

Probabilistic, not deterministic

Real attacks are uncertain. Whether a given step succeeds depends on configuration, timing, and defender response. A deterministic model that returns one outcome hides that uncertainty. A probabilistic model runs the scenario many times with varying conditions and returns a distribution — telling you not just what could happen, but how likely each outcome is.

How probabilistic simulation works

Modern simulation combines a few complementary techniques. Agent-based modeling represents attackers and defenders as autonomous agents that make decisions and react to each other. Discrete-event simulation advances time efficiently from one meaningful event to the next, rather than ticking through idle moments. Monte Carlo sampling repeats the whole scenario across many randomized runs to build the outcome distribution.

What a simulation tells you

The output is a set of decisions you can act on:

  • Single points of failure — assets whose compromise disproportionately damages the whole.
  • Blast radius — how far an attacker could reach from a given starting point.
  • Weak points and degradations — where defenses thin out or services degrade under attack.
  • A resilience score — a summary of how well the environment withstands attack.

Beyond attacks: simulating change

The same engine that models an attack can model a decision. Before adopting a new technology — IT or operational — you can simulate its effect on performance, security, compliance, and cost, and see the projected return on investment, instead of finding out after deployment.

How Onek simulates

Onek runs simulations against your digital twin, so results reflect your real topology and feed straight back into quantified risk.

Available today

  • A probabilistic engine combining agent-based modeling, discrete-event simulation, and Monte Carlo methods, with attacker and defender agents.
  • After-action analysis: single points of failure, weak points, degradations, and a resilience score.
  • A technology adoption simulator for new IT or OT, including ROI projection.
  • Outcomes that feed directly into Value at Risk.

On the roadmap

  • Continuous, multi-scenario simulation running 24/7 rather than on demand.

Frequently asked questions

How is attack simulation different from a penetration test?
A penetration test is a point-in-time exercise where humans probe for findings within a defined scope. Simulation models many attacks against a representation of your environment continuously, producing distributions of outcomes and metrics like blast radius and resilience that complement, rather than replace, hands-on testing.
What is a resilience score?
A resilience score is a summary metric of how well an environment withstands simulated attacks — reflecting things like the number of single points of failure, the size of blast radius, and how defenses hold up. It is best used to compare scenarios and track improvement over time.
Can simulation predict exactly what will happen?
No. Simulation is not prediction of a single future; it estimates the range and likelihood of outcomes. Its value is in revealing which paths and assets carry the most risk so you can prioritize, not in forecasting one specific event.