kentoh - Fotolia
As more organizations turn to IT security intelligence and automation tools to help them with the painstaking task of identifying IT infrastructure vulnerabilities, security teams would be wise to compare the options available that can help facilitate vulnerability assessment initiatives.
There are two emerging technologies that organizations should consider incorporating into their security programs to assist with the identification of enterprise infrastructure vulnerabilities: AI-powered automated penetration testing (pen testing) tools and external threat intelligence services.
Automated pen tests mimic hackers' strengths
Automated pen testing has been around since the dawn of automated vulnerability tests. Automated pen testing is far more complicated, however, mostly because of the new and often expensive AI technology that is required to run effective pen tests. Hackers take their time to learn a business's potential weaknesses. That's where AI technology comes in. Organizations can use AI and machine learning to mimic a human hacker's ability to find targets using the most modern reconnaissance techniques.
The AI technology can also be used to automatically identify exploits that could potentially attack vulnerable targets within the organization. Until recently, AI wasn't up to the challenge of automating human pen testers' tasks. But, over the past 12 to 18 months, several products have come onto the market that closely imitate the manual pen tests typically run by security professionals.
Outsourced IT infrastructure vulnerability detection
External threat intelligence services are another key technology used to identify IT infrastructure vulnerabilities. These as-a-service offerings are sold by most of the major enterprise security vendors today. External threat services often integrate with on-premises security tools that are purchased and installed inside customer corporate networks.
The service providers scour the internet to discover new and imminent threats and then create policies that protect against the identified threats that are integrated with customers' security tools in real time. Not only does the service help to identify new threats, but it can also eliminate them within minutes.
Read the experts' cautionary advice before implementing automated pen testing systems at your security program
Dig Deeper on Penetration testing, ethical hacking and vulnerability assessments
Related Q&A from Andrew Froehlich
AIOps can take various tasks -- such as data collection and analysis -- off the plates of network teams. This can provide organizations with better ... Continue Reading
Software-defined WAN, DMVPN and IPsec tunnels each have a place among enterprises. Our network expert compares each one and explains where they can ... Continue Reading
In your organization's search for the best network automation platform for business operations, compare the pros and cons of proprietary and open ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.