Hack yourself before someone else does it for you
What does "continuous" mean in this context? And how do you look for something when the haystack is as big as your entire security footprint? The philosophy of breach and attack simulation (BAS) tools is that you simulate what real attacks do inside networks, based on patterns drawn from threat intelligence.
"Historically, we built these tools for quality assurance and test labs. It was built by geeks for geeks as a pre-deployment lab tool," explains Keysight's VP of security solutions, Scott Register.
"What a pen test team finds in January is going to be very different from the same team in July. The world is very dynamic, and the threat landscape changes every day. It's just hard to measure your security over time with pen testing," argues Register.
The way Register describes it, Threat Simulator is like the internal affairs cop that keeps the other systems honest by testing their security state.
"In the flood of messages that security teams get every day from their many security tools, a SIEM isn't configured to look for the specific events - the 'Indicators of Compromise' - that would indicate an organization is being subjected to a certain attack. That's what usually happens - you get an alert but it's lost in the flood of hundreds of alerts a day so you don't know that it's actionable. We fix that," Register says.
"Most security admins will pick which attack scenarios to use based on the MITRE ATT&CK Framework. That lets you pick a particular threat actor and select the attacks that the bad guy is currently using. Threat Simulator makes it easy to do that," Register says.