rvlsoft - Fotolia
Breach and attack simulation, or BAS, tools help security administrators understand what their infrastructure looks like from an external perspective. Automated attack simulation tools are used to mimic the behavior of someone attempting to break into an organization for malicious purposes. The details of breach attempts are closely monitored, and successful attacks indicate where breach prevention measures should be bolstered.
In the past, enterprise organizations would pay an outside contractor to run penetration tests (pen tests) using various simulation attack tools. Enterprises did this to avoid the bias inherent in having security admins oversee a test that examined tools and breach prevention mechanisms they themselves might have implemented.
Fortifying existing security mechanisms
Yet, this was when pen testing tools were largely manual in nature. Modern attack simulation tools, on the other hand, are highly automated. Thus, there is no bias to be concerned with. Additionally, many companies find it's preferable to run continuous attack simulations rather than conduct simulations on an infrastructure only once or twice in any given year. As a result, companies are concluding it's more cost-effective to invest in their own set of breach and attack simulation tools that can be operated by in-house IT security administrators.
Hiring third-party security consultants to run external pen tests against the network remains incredibly useful. Running these tests gives organizations additional feedback, since they use different tools than those underpinning BAS products. One shouldn't assume that attack simulation tools will completely replace the need to hire a security company to run pen tests. Instead, BAS should be considered a process that supplements regularly scheduled third-party pen tests.
Dig Deeper on Data security breaches
Related Q&A from Andrew Froehlich
Both UC-certified and MS-certified products are available to enterprises. But one designation carries more weight than the other, our expert writes. Continue Reading
When a home office becomes an employee's only office, reliable internet connectivity is a must. Here are three factors to consider for backup ... Continue Reading
Social media and social networking appear to be interchangeable terms, but they serve different use cases. Learn the difference between social media ... Continue Reading