Definition
Penetration testing and red teaming activities have traditionally been heavily dependent on human testers and their toolkits of commercial and proprietary tools. A new market of solutions is emerging that can fully or semiautomate continuous or ad hoc network and infrastructure penetration tests and red team activities.
Why This Is Important
Security testing, like network penetration testing and red teaming, plays an important role in an organization's capability to identify exposures, vulnerabilities and weaknesses in its defenses. Many organizations only test on an annual or ad hoc basis, rarely testing more frequently or even continuously in their environments due to the cost and lack of internal expertise.
Business Impact
- More frequent testing of infrastructure and the cybersecurity defenses of an organization helps find and mitigate weaknesses, gaps and operational deficiencies faster.
- More organizations can take advantage of penetration testing and red teaming capabilities without having to hire expensive experts when building an internal testing capability.
- Time to schedule and execute tests is shorter when an organization is not reliant on the schedule of a testing firm.
Drivers
- Vendors are adding more automation in their tools that can aid security operations teams.
- Penetration testing tends to be an annual activity for many organizations due to the lack of budget and available resources, and to meet regulatory mandates or internal policy requirements.
- Red teaming is still the purview of mature organizations that are prepared to benefit from these activities to validate and test the defenses and the “blue team.” However, human-led red teaming requires a specific set of expertise, processes and tools that can be expensive to develop.
Obstacles
- As an emerging market, adoption is low and there is little feedback from buyers to validate the efficacy and value of these solutions.
- Acceptance of the test results from these solutions by auditors, assessors and third-party risk teams is still unknown. Organizations using automated testing solutions should confirm whether test results would be acceptable to applicable parties.
- Solutions still need people to operate them. This means managing the tools along with doing the work: determining scope, gathering the necessary information (such as IP address ranges or excluded assets), configuring the parameters of the test in the tool, and monitoring the execution of the test until completion.
- Current tools cannot address all variations of penetration tests that buyers may require, especially those that require people to be on site, like wireless and physical intrusion tests.
User Recommendations
- Do POCs and other due diligence to confirm that the solutions being considered are fit for purpose and will meet the buyer’s requirements. This is because the market is nascent and there is limited end-user experience with these tools.
- Confirm that the tools will be considered equivalent to the activities performed, and findings and results provided, by testing services providers. This is important if you are planning to use these tools to address any audit or regulatory compliance requirements.
- Work with vendors in this space to help them refine and improve their solutions, and identify and prioritize new features and functionality, which benefits both parties.
Courtesy: The above excerpt has been taken from a Gartner Report.