- Attack vectors represent a broad spectrum of attacks related to your company.
- Realistic attack scenarios like those used by attackers in reality, use frameworks like MITER ATT&CK.
- Customizable scenarios to test different aspects of your infrastructure.
- Automated testing so simulations run regularly and efficiently without impacting performance or requiring additional calculations.
- Detailed reporting and analysis help explain what tests mean and identify areas for improvement.
- The ability to scale to the current – and future – size and complexity of the business environment.
- The ability to test in mixed environments in production, which is important for identifying how controls work in real-world situations.
- Ease of use and implementation, including out-of-the-box integration with your existing security tools and platforms.
- Professional guidance and support, especially for companies that are new to BAS or do not have large experienced security teams.
- And, of course, the cost. BAS vendors generally do not publish pricing information, and pricing models may vary. Make sure the pricing structure is well aligned with your company’s use case.
9 best sellers of BAS
Business technology research firm Expert Insights has selected a list of the top 9 BAS vendors. The list takes into account key features such as threat simulation, reporting granularity, and ease of integration. Insinghts Top 9 are AttackIQ, Cymulate, Fortinet FortiTester, Mandiant Red Team Assessment, NetSPI Breach and Attack Simulation, Picus Security, RedScan Breach and Attack Simulation, ReliaQuest GreyMatter Verify, and SafeBreach Breach and Attack Simulation Platform.
Cymulate, Picus, AttackIQ, SafeBreach, Fortinet, and NetSPI are also among the top vendors according to Gartner’s Peer Insights BAS tool rankings. Gartner’s list is extensive and includes 17 vendors, however, six of them did not receive customer reviews while companies such as XM Cyber and Keysight do not appear in Expert Insights but have a high number in the rating system.
AttackIQ
According to Expert Insights, AttackIQ’s core simulation platform replicates enemy tactics, strategies, and processes in accordance with the MITER ATT&CK framework. The company recently released the second generation of its managed breach and attack simulation-as-a-service platform, called Ready!, to make it easier and faster for companies to roll out a continuous security assurance program.
Source link