What Is Breach and Attack Simulation (BAS)?

Breach and attack simulation (BAS) is a data-security process in which a security operations center (SOC) maintains vigilance over the security posture of the various pathways, or vectors, by which an attacker could breach an enterprise network. Staying on top of the current "state of strength" of an organization's defenses could be the difference between a thwarted breach attempt and a successful one.

According to Gartner®, "BAS tools enable organizations to gain a deeper understanding of security posture vulnerabilities by automating testing of threat vectors such as external and insider, lateral movement, and data exfiltration. BAS complements red teaming and penetration testing, but cannot completely replace them."

That last thought is critical because it emphasizes the importance of leveraging a well-rounded set of network-integrity testing tools to ensure a strong security posture that can fend off the latest threats from sophisticated attackers. Cybersecurity providers commonly offer attack-simulation tools, platforms, and service suites.

Incident response (IR) personnel from those providers will typically use the latest and most pertinent breach scenarios to perform threat-simulation sessions that help their clients walk through the process of a breach. This includes identifying key sources of evidence, rehearsing communications, and providing post-simulation recommendations for improvement.

How Do BAS Tools Work?

BAS tools work by aligning with specific adversary tactics, techniques, and procedures (TTPs) so that organizations can run targeted simulations to ascertain the effectiveness of their response actions and create or automate playbooks for those scenarios.

Specifically, Gartner states that "automated validation using technology or service capabilities, such as breach and attack simulation (BAS) or automated penetration testing tools, will:

  • Assess the likely "attack success" by confirming that attackers could really exploit the previously discovered and prioritized exposures.
  • Estimate the "highest potential impact" by pivoting beyond the initial footprint and analyzing all potential attack paths to a critical business asset.
  • Identify if the processes to respond and remediate the identified issues can be both fast enough and adequate for the business."

From this we can infer that validation and speed are likely the two most critical aspects of BAS and other attack-simulation tools. The latter aspect, speed, raises the question of workforce capability: will those who specialize in threat detection and response be able to act efficiently to expunge the threat to the best of their abilities and limit the potential fallout?

BAS tools can, to some extent, help identify these gap areas before the inevitable happens. The last thing any organization wants is to be caught off guard without the skill set to address an attack.
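As an added example (not from the original article or any vendor's product), here is a small Python evaluator that scores a batch of BAS results along the two axes the text singles out, validation (was the simulated step blocked or detected?) and speed (did the alert arrive within a response SLA?), and lists the gaps per tactic; the SimResult schema, the technique labels and the SLA value are constructed assumptions.

```python
from dataclasses import dataclass
from statistics import mean
from typing import Optional

@dataclass(frozen=True)
class SimResult:
    technique: str                     # TTP identifier; labels below are constructed
    tactic: str                        # phase the technique belongs to
    blocked: bool                      # a preventive control stopped the step
    detected: bool                     # an alert was raised for the step
    seconds_to_alert: Optional[float]  # None when nothing alerted

# Constructed sample run over three vectors the article names:
# external initial access, lateral movement and data exfiltration.
SAMPLE_RUN = [
    SimResult("T-EXT-01", "initial-access", True, True, 12.0),
    SimResult("T-EXT-02", "initial-access", False, True, 95.0),
    SimResult("T-LAT-01", "lateral-movement", False, True, 600.0),
    SimResult("T-LAT-02", "lateral-movement", False, False, None),
    SimResult("T-EXF-01", "exfiltration", False, False, None),
]

def score_run(results, sla_seconds=300.0):
    """Per tactic: prevention rate, detection rate, mean time to alert, and
    the gap list (steps neither blocked nor detected, or detected slower
    than the response SLA, which is the "speed" aspect)."""
    by_tactic = {}
    for r in results:
        t = by_tactic.setdefault(
            r.tactic, {"total": 0, "blocked": 0, "detected": 0, "times": [], "gaps": []})
        t["total"] += 1
        t["blocked"] += int(r.blocked)
        t["detected"] += int(r.detected)
        alert_time = r.seconds_to_alert if r.detected else None
        if alert_time is not None:
            t["times"].append(alert_time)
        too_slow = alert_time is not None and alert_time > sla_seconds
        if not (r.blocked or r.detected) or too_slow:
            t["gaps"].append(r.technique)
    return {
        tactic: {
            "prevention_rate": t["blocked"] / t["total"],
            "detection_rate": t["detected"] / t["total"],
            "mean_seconds_to_alert": mean(t["times"]) if t["times"] else None,
            "gaps": t["gaps"],
        }
        for tactic, t in by_tactic.items()
    }
```

On the constructed run, lateral movement and exfiltration come out as the gap areas: one step was alerted on far outside the SLA and two steps produced no signal at all.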

Of course, many security organizations simply do not have the capacity to close these skills gaps, especially in any sort of timely manner, hence the rising trend of adopting managed security service providers (MSSPs).

How Is BAS Different from Other Cybersecurity Testing?

BAS differs from other cybersecurity testing in that it is a more sophisticated assessment of a security organization's ability to withstand and win in the event of an equally, or more, sophisticated attack.

It can be difficult for security stakeholders to know which solution is best for testing their defenses as well as their readiness to respond, so let's look at some of the differences between the main capabilities.

Vulnerability Assessment

A vulnerability assessment will scan for vulnerabilities across an organization's network but will not attempt to exploit them. This capability is a core operation for security teams and is usually the best way to get an initial idea of how vulnerable a network is to an attack. After a vulnerability assessment, it is incumbent upon the organization to decide how to proceed with prioritization and remediation.

Penetration Testing

Although it is not a simple process, a cybersecurity firm will perform a penetration test (pentest) specifically to look for vulnerabilities in a client's network, attempt to exploit them, and determine the organization's overall risk. This process is an important part of a company's security controls, hopefully motivating the organization to adopt widespread remediation of all discovered vulnerabilities. It does not, however, automate specific external-attacker tactics; its focus is on discovering those vulnerabilities.

Red Teaming

Red team attack simulations focus on an organization's defensive, detection, and response capabilities. Red Team operators will typically carry out real-world adversarial behavior and commonly used TTPs so an organization can measure the effectiveness of its security program. However, the main difference between BAS and red teaming comes down to automation vs. real people. BAS automates real-world attacker behaviors, while red teaming employs actual people to perform the simulated attacks.

Why Do Businesses Need Breach and Attack Simulation?

Businesses need BAS because their IT and security professionals should always know the current status and strength of their breach-response capabilities. In this day and age, SOCs need to consider more existential questions like the following:

  • What is the organization's real risk under a sophisticated, targeted attack?
  • Are detection and response (D&R) capabilities up to standard?
  • Are security engineers and analysts ready to protect critical assets?

The best way to thoroughly understand where evasive, defensive, and remediative capabilities lie across the IT and security organizations is to perform stress tests, also known as breach and attack simulations.

A cybersecurity risk management program can combine approaches like BAS, red teaming, and others so that a SOC can reduce overall cyber risk and achieve a stronger security posture to better respond to attacks.

Additional Techniques

Other techniques take a more granular approach to testing IR readiness. Honeypots, for example, can act as a lure for threat actors and an important test of the SOC's readiness to deal with that threat.

Some testing methods are for specific areas, like Internet of Things (IoT) security testing. From testing the actual hardware to device-network penetration testing, a company's IoT activity can also be considered in attack simulation.

What Are the Benefits of Breach and Attack Simulation?

Beyond reducing cyber risk, what are the main benefits that BAS-enabled visibility can provide? Let's look at the potential for the network itself.

  • Repeatable processes: BAS products run automated tests. That means they can be continuously repeated based on the network segment prioritized by the security organization.
  • Reporting and security trends: BAS products typically come standard with reporting functions so that organizations can understand how they scored in specific areas as well as spot trends, troubling or otherwise, so they can make corrections accordingly.
  • Prioritize and take action: If trends are indeed identified, or certain areas are critical, prioritization becomes a faster process, making more decisive action possible.
  • Compliance: BAS processes can help security organizations stay compliant with ever-evolving state, federal, or region-specific regulations.
  • Supply-chain partners: Knowing which parts of a network are more vulnerable to attacks not only helps the organization in question shore up its defenses and network-protection protocols, it also gives its supply-chain partners and vendors confidence in its security.

Knowing the current state of a network's vulnerabilities and weaknesses can help to mitigate present and future security complications so that business as usual is the standard, not security emergencies.