Security News > 2020 > January > Evaluating Your Security Controls? Be Sure to Ask the Right Questions

Testing security controls is the only way to know if they are truly defending your organization.

According to SANS, 69.9% of security teams use vendor-provided testing tools, 60.2% use pen-testing tools, and 59.7% use homegrown tools and scripts.

While vendor-provided tools test a specific security solution-whether it's a web application firewall, EDR solution, or something else-pen testing is frequently used to verify that controls meet compliance requirements, such as PCI DSS regulations, and by red teams as part of broader testing assessments and exercises.

BAS complements point-in-time testing to continually challenge, measure, and optimize the effectiveness of security controls.

BAS is automated, allowing you to test as needed, and the best solutions assess controls based on the latest malware strains and threat actor TTPs-without having to assemble teams of security experts.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/N5OSKqSsEfY/cybersecurity-controls-framework.html