{"global":{"lastError":{},"locale":"de","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"product":{"reference-bonus":{"_type":"localeString","en":"Offer a reference bonus","ru":"Предложить бонус за референс"},"configurator":{"ru":"Конфигуратор","_type":"localeString","en":"Сonfigurator"},"i-sell-it":{"ru":"I sell it","_type":"localeString","en":"I sell it"},"i-use-it":{"en":"I use it","ru":"I use it","_type":"localeString"},"roi-calculator":{"_type":"localeString","en":"ROI-calculator","ru":"ROI-калькулятор"},"selling":{"_type":"localeString","en":"Selling","ru":"Продают"},"using":{"_type":"localeString","en":"Using","ru":"Используют"},"show-more-button":{"ru":"Показать еще","_type":"localeString","en":"Show more"},"hide-button":{"_type":"localeString","en":"Hide","ru":"Скрыть"},"supplier-popover":{"en":"supplier","ru":"поставщик","_type":"localeString"},"implementation-popover":{"en":"deployment","ru":"внедрение","_type":"localeString"},"manufacturer-popover":{"ru":"производитель","_type":"localeString","en":"manufacturer"},"short-description":{"en":"Pitch","ru":"Краткое описание","_type":"localeString"},"i-use-it-popover":{"en":"Make your introduction and get a bonus from ROI4CIO or the supplier.","ru":"Внесите свое внедрение и получите бонус от ROI4CIO или поставщика.","_type":"localeString"},"details":{"_type":"localeString","en":"Details","ru":"Детальнее"},"description":{"ru":"Описание","_type":"localeString","en":"Description"},"product-features":{"_type":"localeString","en":"Product features","ru":"Особенности продукта"},"categories":{"ru":"Категории","_type":"localeString","en":"Categories"},"solutions":{"_type":"localeString","en":" Problems that solves","ru":"Проблемы которые решает"},"values":{"ru":"Ценности","_type":"localeString","en":"Values"},"сomparison-matrix":{"en":"Comparison matrix","ru":"Матрица сравнения","_type":"localeString"},"testing":{"ru":"Тестирование","_type":"localeString","en":"Testing"},"compare":{"_type":"localeString","en":"Compare with competitors","ru":"Сравнить с конкурентами"},"characteristics":{"ru":"Характеристики","_type":"localeString","en":" Characteristics"},"transaction-features":{"ru":"Особенности сделки","_type":"localeString","en":"Transaction Features"},"average-discount":{"_type":"localeString","en":"Partner average discount","ru":"Средняя скидка партнера"},"deal-protection":{"en":"Deal protection","ru":"Защита сделки","_type":"localeString"},"average-deal":{"ru":"Средний размер сделки","_type":"localeString","en":"Average deal size"},"average-time":{"_type":"localeString","en":"Average deal closing time","ru":"Средний срок закрытия сделки"},"login":{"ru":"Войти","_type":"localeString","en":"Login"},"register":{"en":"Register","ru":"Зарегистрироваться","_type":"localeString"},"to-know-more":{"ru":"Чтобы узнать больше","_type":"localeString","en":"To know more"},"scheme":{"_type":"localeString","en":" Scheme of work","ru":"Схема работы"},"competitive-products":{"_type":"localeString","en":" Competitive products","ru":"Конкурентные продукты"},"implementations-with-product":{"_type":"localeString","en":"Deployments with this product","ru":"Внедрения с этим продуктом"},"user-features":{"ru":"Особенности пользователей","_type":"localeString","en":"User features"},"job-roles":{"en":" Roles of Interested Employees","ru":"Роли заинтересованных сотрудников","_type":"localeString"},"organizational-features":{"_type":"localeString","en":"Organizational Features","ru":"Организационные особенности"},"calculate-price":{"ru":"Рассчитать цену продукта","_type":"localeString","en":" Calculate product price"},"selling-stories":{"en":" Selling stories","ru":"Продающие истории","_type":"localeString"},"materials":{"ru":"Материалы","_type":"localeString","en":"Materials"},"about-product":{"ru":"О продукте","_type":"localeString","en":"About Product"},"or":{"ru":"или","_type":"localeString","en":"or"},"program-sends-data":{"_type":"localeString","en":"Program Sends Data"},"calculate-roi":{"en":"Calculate Product ROI","ru":"Рассчитать ROI продукта","_type":"localeString"},"complementary-categories":{"ru":"Схожие категории","_type":"localeString","en":"Complementary Categories"},"program-receives-data":{"en":"Program Receives Data","_type":"localeString"},"rebate":{"_type":"localeString","en":"Bonus","ru":"Бонус"},"rebate-for-poc":{"ru":"Бонус 4 POC","_type":"localeString","en":"Bonus 4 POC"},"configurator-content":{"ru":"Рассчитайте стоимость продукта","_type":"localeString","en":"Calculate price for this product here"},"configurator-link":{"ru":"тут","_type":"localeString","en":"here"},"vendor-popover":{"_type":"localeString","en":"vendor","ru":"производитель"},"user-popover":{"en":"user","ru":"пользователь","_type":"localeString"},"select-for-presentation":{"ru":"выбрать продукт для презентации","_type":"localeString","en":"select product for presentation"},"auth-message":{"ru":"Вам нужно зарегистрироваться или войти.","_type":"localeString","en":"You have to register or login."},"add-to-comparison":{"ru":"Добавить в сравнение","_type":"localeString","en":"Add to comparison"},"added-to-comparison":{"en":"Added to comparison","ru":"Добавлено в сравнения","_type":"localeString"},"roi-calculator-content":{"en":"Calculate ROI for this product here","ru":"Рассчитайте ROI для данного продукта","_type":"localeString"},"not-yet-converted":{"_type":"localeString","en":"Data is moderated and will be published soon. Please, try again later.","ru":"Данные модерируются и вскоре будут опубликованы. Попробуйте повторить переход через некоторое время."},"videos":{"ru":"Видео","_type":"localeString","en":"Videos"},"vendor-verified":{"ru":"Подтверждено производителем","_type":"localeString","en":"Vendor verified"},"event-schedule":{"_type":"localeString","en":"Events schedule","ru":"Расписание событий"},"scheduling-tip":{"_type":"localeString","en":"Please, сhoose a convenient date and time and register for the event.","ru":"Выберите удобную дату и время и зарегистрируйтесь на ивент."},"register-to-schedule":{"ru":"Для того чтобы зарегистрироваться на ивент пожалуйста авторизируйтесь или зарегистрируйтесь на сайт.","_type":"localeString","en":"To register for the event please log in or register on the site."},"comparison-matrix":{"ru":"Матрица сравнений","_type":"localeString","en":"Comparison matrix"},"compare-with-competitive":{"ru":"Сравнить с конкурентными","_type":"localeString","en":" Compare with competitive"},"avg-deal-closing-unit":{"ru":"месяцев","_type":"localeString","en":"months"},"under-construction":{"ru":"Данная услуга всё ещё находится в разработке.","_type":"localeString","en":"Current feature is still developing to become even more useful for you."},"product-presentation":{"ru":"Презентация продукта","_type":"localeString","en":"Product presentation"},"go-to-comparison-table":{"ru":"Перейти к таблице сравнения","_type":"localeString","en":" Go to comparison table"},"see-product-details":{"ru":"Детали","_type":"localeString","en":"See Details"}},"header":{"help":{"_type":"localeString","en":"Help","de":"Hilfe","ru":"Помощь"},"how":{"en":"How does it works","de":"Wie funktioniert es","ru":"Как это работает","_type":"localeString"},"login":{"en":"Log in","de":"Einloggen","ru":"Вход","_type":"localeString"},"logout":{"ru":"Выйти","_type":"localeString","en":"Sign out"},"faq":{"_type":"localeString","en":"FAQ","de":"FAQ","ru":"FAQ"},"references":{"_type":"localeString","en":"Requests","de":"References","ru":"Мои запросы"},"solutions":{"_type":"localeString","en":"Solutions","ru":"Возможности"},"find-it-product":{"en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта","_type":"localeString"},"autoconfigurator":{"ru":"Калькулятор цены","_type":"localeString","en":" Price calculator"},"comparison-matrix":{"_type":"localeString","en":"Comparison Matrix","ru":"Матрица сравнения"},"roi-calculators":{"ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"b4r":{"en":"Bonus for reference","ru":"Бонус за референс","_type":"localeString"},"business-booster":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"catalogs":{"ru":"Каталоги","_type":"localeString","en":"Catalogs"},"products":{"_type":"localeString","en":"Products","ru":"Продукты"},"implementations":{"en":"Deployments","ru":"Внедрения","_type":"localeString"},"companies":{"ru":"Компании","_type":"localeString","en":"Companies"},"categories":{"en":"Categories","ru":"Категории","_type":"localeString"},"for-suppliers":{"en":"For suppliers","ru":"Поставщикам","_type":"localeString"},"blog":{"ru":"Блог","_type":"localeString","en":"Blog"},"agreements":{"_type":"localeString","en":"Deals","ru":"Сделки"},"my-account":{"en":"My account","ru":"Мой кабинет","_type":"localeString"},"register":{"_type":"localeString","en":"Register","ru":"Зарегистрироваться"},"comparison-deletion":{"en":"Deletion","ru":"Удаление","_type":"localeString"},"comparison-confirm":{"_type":"localeString","en":"Are you sure you want to delete","ru":"Подтвердите удаление"},"search-placeholder":{"ru":"Введите поисковый запрос","_type":"localeString","en":"Enter your search term"},"my-profile":{"ru":"Мои данные","_type":"localeString","en":"My profile"},"about":{"_type":"localeString","en":"About Us"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4presenter":{"_type":"localeString","en":"Roi4Presenter"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"sub_it_catalogs":{"en":"Find IT product","_type":"localeString"},"sub_b4reference":{"_type":"localeString","en":"Get reference from user"},"sub_roi4presenter":{"_type":"localeString","en":"Make online presentations"},"sub_roi4webinar":{"_type":"localeString","en":"Create an avatar for the event"},"catalogs_new":{"en":"Products","_type":"localeString"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"},"it_our_it_catalogs":{"en":"Our IT Catalogs","_type":"localeString"},"it_products":{"en":"Find and compare IT products","_type":"localeString"},"it_implementations":{"_type":"localeString","en":"Learn implementation reviews"},"it_companies":{"en":"Find vendor and company-supplier","_type":"localeString"},"it_categories":{"en":"Explore IT products by category","_type":"localeString"},"it_our_products":{"en":"Our Products","_type":"localeString"},"it_it_catalogs":{"_type":"localeString","en":"IT catalogs"}},"footer":{"copyright":{"de":"Alle rechte vorbehalten","ru":"Все права защищены","_type":"localeString","en":"All rights reserved"},"company":{"ru":"О компании","_type":"localeString","en":"My Company","de":"Über die Firma"},"about":{"de":"Über uns","ru":"О нас","_type":"localeString","en":"About us"},"infocenter":{"en":"Infocenter","de":"Infocenter","ru":"Инфоцентр","_type":"localeString"},"tariffs":{"en":"Subscriptions","de":"Tarife","ru":"Тарифы","_type":"localeString"},"contact":{"ru":"Связаться с нами","_type":"localeString","en":"Contact us","de":"Kontaktiere uns"},"marketplace":{"de":"Marketplace","ru":"Marketplace","_type":"localeString","en":"Marketplace"},"products":{"_type":"localeString","en":"Products","de":"Produkte","ru":"Продукты"},"compare":{"ru":"Подобрать и сравнить","_type":"localeString","en":"Pick and compare","de":"Wähle und vergleiche"},"calculate":{"de":"Kosten berechnen","ru":"Расчитать стоимость","_type":"localeString","en":"Calculate the cost"},"get_bonus":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference","de":"Holen Sie sich einen Rabatt"},"salestools":{"de":"Salestools","ru":"Salestools","_type":"localeString","en":"Salestools"},"automatization":{"_type":"localeString","en":"Settlement Automation","de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов"},"roi_calcs":{"_type":"localeString","en":"ROI calculators","de":"ROI-Rechner","ru":"ROI калькуляторы"},"matrix":{"ru":"Матрица сравнения","_type":"localeString","en":"Comparison matrix","de":"Vergleichsmatrix"},"b4r":{"ru":"Rebate 4 Reference","_type":"localeString","en":"Rebate 4 Reference","de":"Rebate 4 Reference"},"our_social":{"_type":"localeString","en":"Our social networks","de":"Unsere sozialen Netzwerke","ru":"Наши социальные сети"},"subscribe":{"ru":"Подпишитесь на рассылку","_type":"localeString","en":"Subscribe to newsletter","de":"Melden Sie sich für den Newsletter an"},"subscribe_info":{"ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта","_type":"localeString","en":"and be the first to know about promotions, new features and recent software reviews"},"policy":{"ru":"Политика конфиденциальности","_type":"localeString","en":"Privacy Policy"},"user_agreement":{"ru":"Пользовательское соглашение ","_type":"localeString","en":"Agreement"},"solutions":{"ru":"Возможности","_type":"localeString","en":"Solutions"},"find":{"_type":"localeString","en":"Selection and comparison of IT product","ru":"Подбор и сравнение ИТ продукта"},"quote":{"ru":"Калькулятор цены","_type":"localeString","en":"Price calculator"},"boosting":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"4vendors":{"ru":"поставщикам","_type":"localeString","en":"4 vendors"},"blog":{"_type":"localeString","en":"blog","ru":"блог"},"pay4content":{"en":"we pay for content","ru":"платим за контент","_type":"localeString"},"categories":{"ru":"категории","_type":"localeString","en":"categories"},"showForm":{"_type":"localeString","en":"Show form","ru":"Показать форму"},"subscribe__title":{"ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!","_type":"localeString","en":"We send a digest of actual news from the IT world once in a month!"},"subscribe__email-label":{"ru":"Email","_type":"localeString","en":"Email"},"subscribe__name-label":{"ru":"Имя","_type":"localeString","en":"Name"},"subscribe__required-message":{"ru":"Это поле обязательное","_type":"localeString","en":"This field is required"},"subscribe__notify-label":{"ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях","_type":"localeString","en":"Yes, please, notify me about news, events and propositions"},"subscribe__agree-label":{"ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*","_type":"localeString","en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data"},"subscribe__submit-label":{"en":"Subscribe","ru":"Подписаться","_type":"localeString"},"subscribe__email-message":{"ru":"Пожалуйста, введите корректный адрес электронной почты","_type":"localeString","en":"Please, enter the valid email"},"subscribe__email-placeholder":{"en":"username@gmail.com","ru":"username@gmail.com","_type":"localeString"},"subscribe__name-placeholder":{"ru":"Имя Фамилия","_type":"localeString","en":"Last, first name"},"subscribe__success":{"ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString","en":"You are successfully subscribed! Check you mailbox."},"subscribe__error":{"ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее.","_type":"localeString","en":"Subscription is unsuccessful. Please, try again later."},"roi4presenter":{"en":"Roi4Presenter","de":"roi4presenter","ru":"roi4presenter","_type":"localeString"},"it_catalogs":{"_type":"localeString","en":"IT catalogs"},"roi4webinar":{"en":"Pitch Avatar","_type":"localeString"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"}},"breadcrumbs":{"home":{"ru":"Главная","_type":"localeString","en":"Home"},"companies":{"_type":"localeString","en":"Companies","ru":"Компании"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"_type":"localeString","en":"Deployments","ru":"Внедрения"},"login":{"ru":"Вход","_type":"localeString","en":"Login"},"registration":{"_type":"localeString","en":"Registration","ru":"Регистрация"},"b2b-platform":{"_type":"localeString","en":"B2B platform for IT buyers, vendors and suppliers","ru":"Портал для покупателей, поставщиков и производителей ИТ"}},"comment-form":{"title":{"_type":"localeString","en":"Leave comment","ru":"Оставить комментарий"},"firstname":{"_type":"localeString","en":"First name","ru":"Имя"},"lastname":{"ru":"Фамилия","_type":"localeString","en":"Last name"},"company":{"_type":"localeString","en":"Company name","ru":"Компания"},"position":{"_type":"localeString","en":"Position","ru":"Должность"},"actual-cost":{"_type":"localeString","en":"Actual cost","ru":"Фактическая стоимость"},"received-roi":{"ru":"Полученный ROI","_type":"localeString","en":"Received ROI"},"saving-type":{"ru":"Тип экономии","_type":"localeString","en":"Saving type"},"comment":{"_type":"localeString","en":"Comment","ru":"Комментарий"},"your-rate":{"ru":"Ваша оценка","_type":"localeString","en":"Your rate"},"i-agree":{"_type":"localeString","en":"I agree","ru":"Я согласен"},"terms-of-use":{"ru":"С пользовательским соглашением и политикой конфиденциальности","_type":"localeString","en":"With user agreement and privacy policy"},"send":{"en":"Send","ru":"Отправить","_type":"localeString"},"required-message":{"en":"{NAME} is required filed","ru":"{NAME} - это обязательное поле","_type":"localeString"}},"maintenance":{"title":{"ru":"На сайте проводятся технические работы","_type":"localeString","en":"Site under maintenance"},"message":{"ru":"Спасибо за ваше понимание","_type":"localeString","en":"Thank you for your understanding"}}},"translationsStatus":{"product":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"product":{"title":{"en":"ROI4CIO: Product","ru":"ROI4CIO: Продукт","_type":"localeString"},"meta":[{"name":"og:type","content":"website"},{"name":"og:image","content":"https://roi4cio.com/fileadmin/templates/roi4cio/image/roi4cio-logobig.jpg"}],"translatable_meta":[{"name":"og:title","translations":{"ru":"Конкретный продукт","_type":"localeString","en":"Example product"}},{"name":"og:description","translations":{"en":"Description for one product","ru":"Описание для конкретного продукта","_type":"localeString"}},{"name":"title","translations":{"ru":"Продукт","_type":"localeString","en":"Product"}},{"name":"description","translations":{"ru":"Описание продукта","_type":"localeString","en":"Product description"}},{"name":"keywords","translations":{"ru":"Ключевые слова продукта","_type":"localeString","en":"Product keywords"}}]}},"pageMetaDataStatus":{"product":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{"picus-security-platform":{"id":6079,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/Picus.png","logo":true,"scheme":false,"title":"Picus Security Platform","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"picus-security-platform","companyTitle":"Picus Security Inc.","companyTypes":["vendor"],"companyId":5771,"companyAlias":"picus-security-inc","description":"<p class=\"align-center\"><b>How Does Picus Work? </b></p>\r\n<b>Deploy</b>\r\nPicus promises an off-the-shelf software solution that can be installed and configured in hours. After software deployment, our users get their results within only minutes. \r\n<b>Assess </b>\r\nIdentify security gaps in real-time and take action in minutes with Picus mitigation guidance. \r\n<b>Mitigate </b>\r\nFor gaps revealed during our assessments, Picus provides vendor specific remediation signatures and creates a prioritization list. \r\n<b>Measure </b>\r\nInteractive dashboards present the overall picture with objective metrics and list the gaps revealed. \r\n<p class=\"align-center\"><b>Key Benefits </b></p>\r\n<b>Continuous &amp; Real World Cyber-Threat Simulation </b>\r\n<ul> <li>No technology dependency </li> <li>No security vendor or version dependency </li> <li>Works in the Production Environment </li> <li>Functions in the most complex environments </li> <li>Pinpoints weaknesses and strengths of your defense layers in real-time </li> <li>Modules: HTTP/HTTPS/Endpoint/Email </li> </ul>\r\n<b>Instant Security Control Metrics </b>\r\n<ul> <li>Measure - Picus tells you security effectiveness right now including all emerging threats </li> <li>Categorize - Picus helps you prioritize your security resources to where you need it the most </li> <li>Monitor - Picus continually assesses your resilience to threats </li> <li>Alarm - Picus sends alarms for the situations where your security risk increases </li> </ul>\r\n<b>Detailed Analysis of Your Security Posture </b>\r\nIt doesn’t matter if you have a single security technology or a security stack composed of several technologies. Our black-box testing approach is independent from underlying security topology. This will enable you to reveal the effectiveness of a single system, or security posture provided by your security stack. \r\n<b>Industry-Leading Mitigation Suggestions </b>\r\nPicus mitigation suggestions are designed to deliver an actionable to-do list to increase your security level. Proposed actions are customized for existing security infrastructures. The easy-to-apply signatures are always ready for use. Picus also ships with an open source remediation know-how that can be consumed by your security technologies. \r\n<b>Flexible Deployment, Easy Installation &amp; Reports in Hours </b>\r\nPicus promises an off-the-shelf software solution that can be installed and configured within hours to make sure users get their results within only minutes. Its flexible architecture supports both the Picus-hosted assessment for Internet vector testing and the on-site installation for internal and cross-zone vector testing. Picus exists as a virtual appliance or as software to run on physical or virtual Linux platforms. ","shortDescription":"Explore how Picus can help you to assess security controls continuously.","type":"Software","isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Picus Security Platform","keywords":"","description":"<p class=\"align-center\"><b>How Does Picus Work? </b></p>\r\n<b>Deploy</b>\r\nPicus promises an off-the-shelf software solution that can be installed and configured in hours. After software deployment, our users get their results within only minutes. \r\n<b>Assess </","og:title":"Picus Security Platform","og:description":"<p class=\"align-center\"><b>How Does Picus Work? </b></p>\r\n<b>Deploy</b>\r\nPicus promises an off-the-shelf software solution that can be installed and configured in hours. After software deployment, our users get their results within only minutes. \r\n<b>Assess </","og:image":"https://old.roi4cio.com/fileadmin/user_upload/Picus.png"},"eventUrl":"","translationId":6078,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":895,"title":"Breach and Attack Simulation Platforms","alias":"breach-and-attack-simulation-platforms","description":"<span style=\"font-weight: bold;\">Breach and attack simulations</span> are an advanced computer security testing method. These simulations identify vulnerabilities in security environments by mimicking the likely attack paths and techniques used by malicious actors. In this sense, a breach and attack simulation acts much like a continuous, automated penetration test, and it improves upon the inherent limitations of red and blue team testing.\r\nGartner defines BAS technologies as tools “that allow enterprises to continually and consistently simulate the full attack cycle (including insider threats, lateral movement, and data exfiltration) against enterprise infrastructure, using software agents, virtual machines, and other means”.\r\nWhat makes BAS special, is its ability to provide continuous and consistent testing at limited risk and that it can be used to alert IT and business stakeholders about existing gaps in the security posture or validate that security infrastructure, configuration settings and detection/prevention technologies are operating as intended. BAS can also assist in validating if security operations and the SOC staff can detect specific attacks when used as a complement to the red team or penetration testing exercises.\r\n<span style=\"font-weight: bold;\">There are three different types of BAS solutions:</span>\r\n<ul><li><span style=\"font-weight: bold;\">Agent-based BAS</span> solutions are the simplest form of BAS. Agents are deployed across the LAN and vulnerabilities are identified to determine which routes are open to a potential attacker to move around the network. An agent-based BAS solution is very similar to vulnerability scanning but offers much more context.</li><li><span style=\"font-weight: bold;\">BAS solutions based on “malicious” traffic.</span> These BAS solutions generate intrusive traffic within the network between dedicated virtual machines that serve as targets for a wide range of attack scenarios. An overview is then created of which events have not been detected and blocked by the company’s own security controls. </li><li><span style=\"font-weight: bold;\">Cloud-based BAS solutions.</span> BAS solutions that are cloud-based are the closest to a real attack. They simulate numerous attack scenarios from the outside via different entry points. (so-called multi-vector attacks) and thus also the network perimeter of the company. The cloud platforms are fed with the latest threats from a wide variety of sources and are therefore always very up-to-date. Being SaaS solutions, they can be implemented very quickly.</li></ul>\r\nBy running these cyber-attack simulations in a controlled environment, an advanced BAS platform can identify vulnerabilities and gaps and then provide prioritized recommendations to help quickly close them. In this sense, a BAS platform works much like a purple team, allowing for comprehensive vulnerability assessment and remediation. Yet unlike a purple team, a BAS platform is automated and can be deployed remotely, making it especially well-suited to today’s challenges.\r\nThis automation is the key to maintaining continuous risk assessment and threat mitigation — the gold standard for today’s cybersecurity solutions.<br /><br />","materialsDescription":"<h1 class=\"align-center\">What problems do BAS tools attempt to solve?</h1>\r\nBAS solutions give companies an answer to the question “Do our cybersecurity programs really work? Large companies invest heavily in security products, but still do not have the confidence that they can withstand increasingly sophisticated attacks. For financial and practical reasons it is also not possible to test entire enterprise production environments permanently and manually for security vulnerabilities. Breach and Attack Simulation fills exactly this gap and allows companies to get more out of their existing security solutions by enabling continuous testing of the enterprise network at low risk.\r\n<h1 class=\"align-center\">For which companies are BAS solutions suitable?</h1>\r\nIf you have a look around the BAS market, you will find that many offers are tailored to large enterprise customers with high security requirements, such as financial institutions and insurance companies. It is not surprising that Breach and Attack Simulation is especially interesting for this kind of companies. They typically have numerous security products in use, a dynamic IT landscape and a high level of IT maturity. In addition, there are high demands on IT security and high compliance pressure. High-end solutions like Breach and Attack Simulation are predestined for this environment.<br />However, there is also the possibility for smaller companies to use BAS technology. Some solution providers have made their BAS tools multi-tenant ready so that smaller companies can also benefit from them via partner companies.\r\n<h1 class=\"align-center\">How to Evaluate a BAS Platform?</h1>\r\n<ul><li>The right BAS platform can simulate attacks in the cloud, identifying misconfigurations and other security gaps, while also allowing organizations to determine if critical assets are truly secure in all environments.</li><li>The ability to identify gaps in detection and prevention in hybrid environments is another key feature. As more data migrates to the cloud, it’s imperative that organizations assess their risk posture and understand how new hybrid environments can be attacked from on-premises devices linked to cloud data. Assessing cloud and on-premises risks separately leads to reduced visibility and expanded threat exposure — you simply don’t know how each side effects the other.</li><li>An advanced BAS platform can safely simulate Advanced Persistent Threats (APTs) against an organization’s “crown jewel” assets. Networks and devices create many pathways for APTs and identifying them is important.</li><li>The right platform can also identify a wide range of attack vectors hackers can exploit, while running safely in a production environment. Testing security controls on an endpoint solution might tell you if you can stop a credential dump but will not tell you which accounts can be harvested, from which devices and the impact those accounts will have.</li><li>Organizations should also look for a BAS solution that offered prioritized remediation of security gaps and validation of security controls.</li></ul>\r\n<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hacking.png"}],"characteristics":[],"concurentProducts":[{"id":3655,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/rapid7.png","logo":true,"scheme":false,"title":"Rapid7 insightVM","vendorVerified":0,"rating":"0.00","implementationsCount":2,"suppliersCount":0,"supplierPartnersCount":2,"alias":"rapid7-insightvm","companyTitle":"Rapid7","companyTypes":["supplier","vendor"],"companyId":210,"companyAlias":"rapid7","description":"InsightVM provides a fully available, scalable, and efficient way to collect your vulnerability data, turn it into answers, and minimize risk. InsightVM leverages the latest analytics and endpoint technology to discover vulnerabilities in a real-time view, pinpoint their location, prioritize them for your business, facilitate collaboration with other teams, and confirm your exposure has been reduced<br /><br /><span style=\"font-weight: bold;\">Secure Your Modern Network</span>\r\nAdapt to your modern network with full visibility of your ecosystem, prioritization of risk using attacker-based analytics, and SecOps-powered remediation. Pair that with unparalleled, ongoing research of the attacker mindset, and you’ll be ready to act before impact.\r\n<span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Collect Data Across Your Ecosystem</span></span>\r\n• Continuous Endpoint Monitoring Using the Insight Agent\r\nThe Rapid7 Insight Agent automatically collects data from all your endpoints, even those from remote workers and sensitive assets that cannot be actively scanned, or that rarely join the corporate network. Pair InsightVM with Rapid7 InsightIDR to get a complete picture of the risks posed by your endpoints and their users.\r\n• Liveboards, Not Static Dashboards\r\nDrawing from fresh vulnerability data, InsightVM Liveboards are live and interactive by nature. You can easily create custom, tailored cards and full dashboards for anyone—from sysadmins to CISOs—and query each card with simple language to track progress of your security program. Visualize, prioritize, assign, and fix your exposures more easily than ever before.\r\n• Cloud, Virtual, and Container Assessment\r\nInsightVM integrates with cloud services, virtual infrastructure, and container repositories like Amazon Web Services, Microsoft Azure, and VMware to make sure you don’t miss any new instances and Docker containers that are brought online. You can also correlate deployed containers to assets, so you can secure both containers and container hosts—all at no additional cost.<br /><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\"><br />Prioritize Using Attacker Analytics</span></span>\r\n• Attacker-Based Risk Analysis\r\nPrioritize risk the way attackers would. InsightVM translates decades of attacker knowledge into proven analytics. The granular, 1-1000 Real Risk score takes into account CVSS scores, malware exposure, exploit exposure and ease of use, and vulnerability age. This makes it simpler—and more precise than CVSS alone—to prioritize vulnerabilities for remediation. Rapid7 Project Sonar data and threat feeds translate to dashboards within InsightVM, so you can understand which external network doors you’re missing and which vulnerabilities attackers are actively exploiting.\r\n• Live Remediation Planning\r\nOnce the most critical vulnerabilities are brought to the surface, assign and track remediation duties in real time with Remediation Workflows. InsightVM integrates with IT ticketing solutions like Atlassian Jira and ServiceNow, making it easy for IT to take action. InsightVM also integrates with Rapid7 InsightConnect, our security orchestration and automation platform, to bring automation and prioritization to the patching process.<br /><br /><span style=\"font-style: italic;\"><span style=\"font-weight: bold;\">Remediate with SecOps Agility</span></span>\r\nTo move faster and more securely, you need to go beyond scanning in silos. InsightVM is built to enable collaboration with IT operations and developers through shared visibility, analytics, and automation. What does this look like in practice? InsightVM integrates with IT’s existing workflows and ticketing systems to provide remediation instructions with context, thus accelerating remediation, and provides actionable reporting on program progress for every audience—from IT and compliance to the C-Suite. On the development side of the house, InsightVM lets you assess containers to ensure services are secure before they go into production, and the Rapid7 Insight Agent helps infrastructure teams automatically assess new cloud infrastructure as soon as it goes live.","shortDescription":"RAPID7 insightVM is an advanced vulnerability management analytics and reporting","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":12,"sellingCount":4,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Rapid7 insightVM","keywords":"","description":"InsightVM provides a fully available, scalable, and efficient way to collect your vulnerability data, turn it into answers, and minimize risk. InsightVM leverages the latest analytics and endpoint technology to discover vulnerabilities in a real-time view, pin","og:title":"Rapid7 insightVM","og:description":"InsightVM provides a fully available, scalable, and efficient way to collect your vulnerability data, turn it into answers, and minimize risk. InsightVM leverages the latest analytics and endpoint technology to discover vulnerabilities in a real-time view, pin","og:image":"https://old.roi4cio.com/fileadmin/user_upload/rapid7.png"},"eventUrl":"","translationId":3656,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":79,"title":"VM - Vulnerability management","alias":"vm-vulnerability-management","description":"Vulnerability management is the &quot;cyclical practice of identifying, classifying, prioritizing, remediating and mitigating&quot; software vulnerabilities. Vulnerability management is integral to computer security and network security, and must not be confused with a Vulnerability assessment.\r\nVulnerability management is an ongoing process that includes proactive asset discovery, continuous monitoring, mitigation, remediation and defense tactics to protect your organization's modern IT attack surface from Cyber Exposure.\r\nVulnerabilities can be discovered with a vulnerability scanner, which analyzes a computer system in search of known vulnerabilities, such as open ports, insecure software configurations, and susceptibility to malware infections. They may also be identified by consulting public sources, such as NVD, or subscribing to a commercial vulnerability alerting services. Unknown vulnerabilities, such as a zero-day, may be found with fuzz testing, which can identify certain kinds of vulnerabilities, such as a buffer overflow with relevant test cases. Such analysis can be facilitated by test automation. In addition, antivirus software capable of heuristic analysis may discover undocumented malware if it finds software behaving suspiciously (such as attempting to overwrite a system file).\r\nCorrecting vulnerabilities may variously involve the installation of a patch, a change in network security policy, reconfiguration of software, or educating users about social engineering.\r\nNetwork vulnerabilities represent security gaps that could be abused by attackers to damage network assets, trigger a denial of service, and/or steal potentially sensitive information. Attackers are constantly looking for new vulnerabilities to exploit — and taking advantage of old vulnerabilities that may have gone unpatched.\r\nHaving a vulnerability management framework in place that regularly checks for new vulnerabilities is crucial for preventing cybersecurity breaches. Without a vulnerability testing and patch management system, old security gaps may be left on the network for extended periods of time. This gives attackers more of an opportunity to exploit vulnerabilities and carry out their attacks.\r\nOne statistic that highlights how crucial vulnerability management was featured in an Infosecurity Magazine article. According to survey data cited in the article, of the organizations that “suffered a breach, almost 60% were due to an unpatched vulnerability.” In other words, nearly 60% of the data breaches suffered by survey respondents could have been easily prevented simply by having a vulnerability management plan that would apply critical patches before attackers leveraged the vulnerability.","materialsDescription":" <span style=\"font-weight: bold;\">What is vulnerability management?</span>\r\nVulnerability management is a pro-active approach to managing network security by reducing the likelihood that flaws in code or design compromise the security of an endpoint or network.\r\n<span style=\"font-weight: bold;\">What processes does vulnerability management include?</span>\r\nVulnerability management processes include:\r\n<ul><li><span style=\"font-style: italic;\">Checking for vulnerabilities:</span> This process should include regular network scanning, firewall logging, penetration testing or use of an automated tool like a vulnerability scanner.</li><li><span style=\"font-style: italic;\">Identifying vulnerabilities:</span> This involves analyzing network scans and pen test results, firewall logs or vulnerability scan results to find anomalies that suggest a malware attack or other malicious event has taken advantage of a security vulnerability, or could possibly do so.</li><li><span style=\"font-style: italic;\">Verifying vulnerabilities:</span> This process includes ascertaining whether the identified vulnerabilities could actually be exploited on servers, applications, networks or other systems. This also includes classifying the severity of a vulnerability and the level of risk it presents to the organization.</li><li><span style=\"font-style: italic;\">Mitigating vulnerabilities:</span> This is the process of figuring out how to prevent vulnerabilities from being exploited before a patch is available, or in the event that there is no patch. It can involve taking the affected part of the system off-line (if it's non-critical), or various other workarounds.</li><li><span style=\"font-style: italic;\">Patching vulnerabilities:</span> This is the process of getting patches -- usually from the vendors of the affected software or hardware -- and applying them to all the affected areas in a timely way. This is sometimes an automated process, done with patch management tools. This step also includes patch testing.</li></ul>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/VM_-_Vulnerability_management1.png"},{"id":895,"title":"Breach and Attack Simulation Platforms","alias":"breach-and-attack-simulation-platforms","description":"<span style=\"font-weight: bold;\">Breach and attack simulations</span> are an advanced computer security testing method. These simulations identify vulnerabilities in security environments by mimicking the likely attack paths and techniques used by malicious actors. In this sense, a breach and attack simulation acts much like a continuous, automated penetration test, and it improves upon the inherent limitations of red and blue team testing.\r\nGartner defines BAS technologies as tools “that allow enterprises to continually and consistently simulate the full attack cycle (including insider threats, lateral movement, and data exfiltration) against enterprise infrastructure, using software agents, virtual machines, and other means”.\r\nWhat makes BAS special, is its ability to provide continuous and consistent testing at limited risk and that it can be used to alert IT and business stakeholders about existing gaps in the security posture or validate that security infrastructure, configuration settings and detection/prevention technologies are operating as intended. BAS can also assist in validating if security operations and the SOC staff can detect specific attacks when used as a complement to the red team or penetration testing exercises.\r\n<span style=\"font-weight: bold;\">There are three different types of BAS solutions:</span>\r\n<ul><li><span style=\"font-weight: bold;\">Agent-based BAS</span> solutions are the simplest form of BAS. Agents are deployed across the LAN and vulnerabilities are identified to determine which routes are open to a potential attacker to move around the network. An agent-based BAS solution is very similar to vulnerability scanning but offers much more context.</li><li><span style=\"font-weight: bold;\">BAS solutions based on “malicious” traffic.</span> These BAS solutions generate intrusive traffic within the network between dedicated virtual machines that serve as targets for a wide range of attack scenarios. An overview is then created of which events have not been detected and blocked by the company’s own security controls. </li><li><span style=\"font-weight: bold;\">Cloud-based BAS solutions.</span> BAS solutions that are cloud-based are the closest to a real attack. They simulate numerous attack scenarios from the outside via different entry points. (so-called multi-vector attacks) and thus also the network perimeter of the company. The cloud platforms are fed with the latest threats from a wide variety of sources and are therefore always very up-to-date. Being SaaS solutions, they can be implemented very quickly.</li></ul>\r\nBy running these cyber-attack simulations in a controlled environment, an advanced BAS platform can identify vulnerabilities and gaps and then provide prioritized recommendations to help quickly close them. In this sense, a BAS platform works much like a purple team, allowing for comprehensive vulnerability assessment and remediation. Yet unlike a purple team, a BAS platform is automated and can be deployed remotely, making it especially well-suited to today’s challenges.\r\nThis automation is the key to maintaining continuous risk assessment and threat mitigation — the gold standard for today’s cybersecurity solutions.<br /><br />","materialsDescription":"<h1 class=\"align-center\">What problems do BAS tools attempt to solve?</h1>\r\nBAS solutions give companies an answer to the question “Do our cybersecurity programs really work? Large companies invest heavily in security products, but still do not have the confidence that they can withstand increasingly sophisticated attacks. For financial and practical reasons it is also not possible to test entire enterprise production environments permanently and manually for security vulnerabilities. Breach and Attack Simulation fills exactly this gap and allows companies to get more out of their existing security solutions by enabling continuous testing of the enterprise network at low risk.\r\n<h1 class=\"align-center\">For which companies are BAS solutions suitable?</h1>\r\nIf you have a look around the BAS market, you will find that many offers are tailored to large enterprise customers with high security requirements, such as financial institutions and insurance companies. It is not surprising that Breach and Attack Simulation is especially interesting for this kind of companies. They typically have numerous security products in use, a dynamic IT landscape and a high level of IT maturity. In addition, there are high demands on IT security and high compliance pressure. High-end solutions like Breach and Attack Simulation are predestined for this environment.<br />However, there is also the possibility for smaller companies to use BAS technology. Some solution providers have made their BAS tools multi-tenant ready so that smaller companies can also benefit from them via partner companies.\r\n<h1 class=\"align-center\">How to Evaluate a BAS Platform?</h1>\r\n<ul><li>The right BAS platform can simulate attacks in the cloud, identifying misconfigurations and other security gaps, while also allowing organizations to determine if critical assets are truly secure in all environments.</li><li>The ability to identify gaps in detection and prevention in hybrid environments is another key feature. As more data migrates to the cloud, it’s imperative that organizations assess their risk posture and understand how new hybrid environments can be attacked from on-premises devices linked to cloud data. Assessing cloud and on-premises risks separately leads to reduced visibility and expanded threat exposure — you simply don’t know how each side effects the other.</li><li>An advanced BAS platform can safely simulate Advanced Persistent Threats (APTs) against an organization’s “crown jewel” assets. Networks and devices create many pathways for APTs and identifying them is important.</li><li>The right platform can also identify a wide range of attack vectors hackers can exploit, while running safely in a production environment. Testing security controls on an endpoint solution might tell you if you can stop a credential dump but will not tell you which accounts can be harvested, from which devices and the impact those accounts will have.</li><li>Organizations should also look for a BAS solution that offered prioritized remediation of security gaps and validation of security controls.</li></ul>\r\n<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hacking.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":3928,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/xm_cyber.png","logo":true,"scheme":false,"title":"XM Cyber HaXM","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"xm-cyber-haxm","companyTitle":"XM Cyber","companyTypes":["supplier","vendor"],"companyId":5594,"companyAlias":"xm-cyber","description":"HaXM by XM Cyber is the first breach and attack simulation (BAS) platform to simulate, validate and remediate attackers’ paths to your critical assets 24×7. HaXM’s automated purple teaming aligns red and blue teams to provide the full realistic APT experience on one hand while delivering vital prioritized remediation on the other. Addressing real user behavior and exploits, the full spectrum of scenarios is aligned to your organization’s own network to expose blind spots and is executed using the most up-to-date attack techniques safely, without affecting network availability and user experience.\r\n<b><i>Safeguard your critical assets</i></b>\r\n<b>Always know the attack paths </b>\r\n<ul> <li>Continuously identifies attack vectors to your target assets 24×7 </li> <li>Prioritizes actionable remediation </li> </ul>\r\n<b>Reduce your IT Hygiene risk</b>\r\n<ul> <li>Provides significant IT hygiene lift </li> <li>Drives down IT security risk </li> </ul>\r\n<b>Optimize your cyber resources</b>\r\n<ul> <li>Cost-effectively optimizes your cyber resources </li> <li>Runs risk score formula to quantify impact of breaches </li> </ul>\r\n<b>Make data-driven decisions</b>\r\n<ul> <li>Measures attack critically then follows up with actionable remediation </li> <li>Reports justify security investment </li> </ul>\r\n<b><i>The XM Cyber Approach </i></b>\r\nHarnessing purple team power, HaXM by XM continuously optimizes red and blue team capabilities to expedite the entire exposure, assessment and remediation cycle and improve your security posture. Adopting a 360° end-to-end identification to remediation cycle, HaXM addresses your organization’s distinct network environment and user behavior 24×7. \r\n<b><i>The XM Cyber Technology </i></b>\r\nXM Cyber’s patented technology features proprietary algorithms that account for the most up-to-date attack techniques, endless customer specific scenarios and the human factor to perform advanced APT on the attack path to your critical assets. We use the latest simulation and assessment techniques to provide immediate validation of your security posture. \r\n<b><i>The XM Cyber Team </i></b>\r\nXM Cyber was founded by the highest caliber of security executives from the elite Israel intelligence sector. Together they bring a second-to-none proven track record in offensive and defensive cyber space. ","shortDescription":"One step ahead of the attack. Always\r\n","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":5,"sellingCount":2,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"XM Cyber HaXM","keywords":"","description":"HaXM by XM Cyber is the first breach and attack simulation (BAS) platform to simulate, validate and remediate attackers’ paths to your critical assets 24×7. HaXM’s automated purple teaming aligns red and blue teams to provide the full realistic APT experience ","og:title":"XM Cyber HaXM","og:description":"HaXM by XM Cyber is the first breach and attack simulation (BAS) platform to simulate, validate and remediate attackers’ paths to your critical assets 24×7. HaXM’s automated purple teaming aligns red and blue teams to provide the full realistic APT experience ","og:image":"https://old.roi4cio.com/fileadmin/user_upload/xm_cyber.png"},"eventUrl":"","translationId":3927,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":895,"title":"Breach and Attack Simulation Platforms","alias":"breach-and-attack-simulation-platforms","description":"<span style=\"font-weight: bold;\">Breach and attack simulations</span> are an advanced computer security testing method. These simulations identify vulnerabilities in security environments by mimicking the likely attack paths and techniques used by malicious actors. In this sense, a breach and attack simulation acts much like a continuous, automated penetration test, and it improves upon the inherent limitations of red and blue team testing.\r\nGartner defines BAS technologies as tools “that allow enterprises to continually and consistently simulate the full attack cycle (including insider threats, lateral movement, and data exfiltration) against enterprise infrastructure, using software agents, virtual machines, and other means”.\r\nWhat makes BAS special, is its ability to provide continuous and consistent testing at limited risk and that it can be used to alert IT and business stakeholders about existing gaps in the security posture or validate that security infrastructure, configuration settings and detection/prevention technologies are operating as intended. BAS can also assist in validating if security operations and the SOC staff can detect specific attacks when used as a complement to the red team or penetration testing exercises.\r\n<span style=\"font-weight: bold;\">There are three different types of BAS solutions:</span>\r\n<ul><li><span style=\"font-weight: bold;\">Agent-based BAS</span> solutions are the simplest form of BAS. Agents are deployed across the LAN and vulnerabilities are identified to determine which routes are open to a potential attacker to move around the network. An agent-based BAS solution is very similar to vulnerability scanning but offers much more context.</li><li><span style=\"font-weight: bold;\">BAS solutions based on “malicious” traffic.</span> These BAS solutions generate intrusive traffic within the network between dedicated virtual machines that serve as targets for a wide range of attack scenarios. An overview is then created of which events have not been detected and blocked by the company’s own security controls. </li><li><span style=\"font-weight: bold;\">Cloud-based BAS solutions.</span> BAS solutions that are cloud-based are the closest to a real attack. They simulate numerous attack scenarios from the outside via different entry points. (so-called multi-vector attacks) and thus also the network perimeter of the company. The cloud platforms are fed with the latest threats from a wide variety of sources and are therefore always very up-to-date. Being SaaS solutions, they can be implemented very quickly.</li></ul>\r\nBy running these cyber-attack simulations in a controlled environment, an advanced BAS platform can identify vulnerabilities and gaps and then provide prioritized recommendations to help quickly close them. In this sense, a BAS platform works much like a purple team, allowing for comprehensive vulnerability assessment and remediation. Yet unlike a purple team, a BAS platform is automated and can be deployed remotely, making it especially well-suited to today’s challenges.\r\nThis automation is the key to maintaining continuous risk assessment and threat mitigation — the gold standard for today’s cybersecurity solutions.<br /><br />","materialsDescription":"<h1 class=\"align-center\">What problems do BAS tools attempt to solve?</h1>\r\nBAS solutions give companies an answer to the question “Do our cybersecurity programs really work? Large companies invest heavily in security products, but still do not have the confidence that they can withstand increasingly sophisticated attacks. For financial and practical reasons it is also not possible to test entire enterprise production environments permanently and manually for security vulnerabilities. Breach and Attack Simulation fills exactly this gap and allows companies to get more out of their existing security solutions by enabling continuous testing of the enterprise network at low risk.\r\n<h1 class=\"align-center\">For which companies are BAS solutions suitable?</h1>\r\nIf you have a look around the BAS market, you will find that many offers are tailored to large enterprise customers with high security requirements, such as financial institutions and insurance companies. It is not surprising that Breach and Attack Simulation is especially interesting for this kind of companies. They typically have numerous security products in use, a dynamic IT landscape and a high level of IT maturity. In addition, there are high demands on IT security and high compliance pressure. High-end solutions like Breach and Attack Simulation are predestined for this environment.<br />However, there is also the possibility for smaller companies to use BAS technology. Some solution providers have made their BAS tools multi-tenant ready so that smaller companies can also benefit from them via partner companies.\r\n<h1 class=\"align-center\">How to Evaluate a BAS Platform?</h1>\r\n<ul><li>The right BAS platform can simulate attacks in the cloud, identifying misconfigurations and other security gaps, while also allowing organizations to determine if critical assets are truly secure in all environments.</li><li>The ability to identify gaps in detection and prevention in hybrid environments is another key feature. As more data migrates to the cloud, it’s imperative that organizations assess their risk posture and understand how new hybrid environments can be attacked from on-premises devices linked to cloud data. Assessing cloud and on-premises risks separately leads to reduced visibility and expanded threat exposure — you simply don’t know how each side effects the other.</li><li>An advanced BAS platform can safely simulate Advanced Persistent Threats (APTs) against an organization’s “crown jewel” assets. Networks and devices create many pathways for APTs and identifying them is important.</li><li>The right platform can also identify a wide range of attack vectors hackers can exploit, while running safely in a production environment. Testing security controls on an endpoint solution might tell you if you can stop a credential dump but will not tell you which accounts can be harvested, from which devices and the impact those accounts will have.</li><li>Organizations should also look for a BAS solution that offered prioritized remediation of security gaps and validation of security controls.</li></ul>\r\n<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hacking.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":4228,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/safebreach.png","logo":true,"scheme":false,"title":"SafeBreach Platform","vendorVerified":0,"rating":"0.00","implementationsCount":0,"suppliersCount":0,"supplierPartnersCount":0,"alias":"safebreach-platform","companyTitle":"SafeBreach","companyTypes":["supplier","vendor"],"companyId":5798,"companyAlias":"safebreach","description":"The SafeBreach platform provides unmatched visibility into an organization's true cyber-security posture. SafeBreach enables data-driven risk analysis, resource prioritization and guided mitigation. The platform continuously and safely tests and optimizes the effectiveness of your security infrastructure against the business value of your assets. \r\n<b>Testing Your Security </b>\r\n<ul> <li>Deploy simulators within your organization's information ecosystem</li> <li>Specify the value of your IT resources and the types of tests that are relevant to your organization's defenses</li> <li>Execute the SafeBreach tests to fully validate the state of your security architecture</li> </ul>\r\n<b>Prioritizing Results </b>\r\n<ul> <li>Visualize results across the kill chain, to easily identify where to focus remediation efforts</li> <li>Identify the security gaps which open the largest number of attack vectors and rank the gaps by their potential business impact</li> <li>Review the remediation options provided by the SafeBreach Insights instructions and set your priorities accordingly</li> </ul>\r\n<b>Remediate Issues </b>\r\n<ul> <li>Review SafeBreach Insights information for detailed instructions and data on closing the security gaps</li> <li>Integrate with the broad range of SafeBreach technology partners to provide fully automated remediation</li> <li>Monitor and act on the regularly</li> </ul>\r\n<b>How it works?</b>\r\nThe SafeBreach platform carries out continuous, automated testing of an organization’s security architecture using advanced, patented simulation technology. SafeBreach attack simulations are exact reproductions of an attacker's tactics and techniques, but pose no risk to the organization’s operations or assets. Attacks are executed between simulator instances deployed both within and outside the organization’s network. This approach provides broad coverage and fully tests the entire security ecosystem deployed by your organization. ","shortDescription":"The SafeBreach Platform safely executes real attacks in production environments to prove where security can withstand attacks, and where it needs to be improved","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":3,"sellingCount":10,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"SafeBreach Platform","keywords":"","description":"The SafeBreach platform provides unmatched visibility into an organization's true cyber-security posture. SafeBreach enables data-driven risk analysis, resource prioritization and guided mitigation. The platform continuously and safely tests and optimizes the","og:title":"SafeBreach Platform","og:description":"The SafeBreach platform provides unmatched visibility into an organization's true cyber-security posture. SafeBreach enables data-driven risk analysis, resource prioritization and guided mitigation. The platform continuously and safely tests and optimizes the","og:image":"https://old.roi4cio.com/fileadmin/user_upload/safebreach.png"},"eventUrl":"","translationId":4227,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":24,"title":"DLP - Data Leak Prevention","alias":"dlp-data-leak-prevention","description":"Data leak prevention (DLP) is a suite of technologies aimed at stemming the loss of sensitive information that occurs in enterprises across the globe. By focusing on the location, classification and monitoring of information at rest, in use and in motion, this solution can go far in helping an enterprise get a handle on what information it has, and in stopping the numerous leaks of information that occur each day. DLP is not a plug-and-play solution. The successful implementation of this technology requires significant preparation and diligent ongoing maintenance. Enterprises seeking to integrate and implement DLP should be prepared for a significant effort that, if done correctly, can greatly reduce risk to the organization. Those implementing the solution must take a strategic approach that addresses risks, impacts and mitigation steps, along with appropriate governance and assurance measures.","materialsDescription":" <span style=\"font-weight: bold;\">How to protect the company from internal threats associated with leakage of confidential information?</span>\r\nIn order to protect against any threat, you must first realize its presence. Unfortunately, not always the management of companies is able to do this if it comes to information security threats. The key to successfully protecting against information leaks and other threats lies in the skillful use of both organizational and technical means of monitoring personnel actions.\r\n<span style=\"font-weight: bold;\">How should the personnel management system in the company be organized to minimize the risks of leakage of confidential information?</span>\r\nA company must have a special employee responsible for information security, and a large department must have a department directly reporting to the head of the company.\r\n<span style=\"font-weight: bold;\">Which industry representatives are most likely to encounter confidential information leaks?</span>\r\nMore than others, representatives of such industries as industry, energy, and retail trade suffer from leaks. Other industries traditionally exposed to leakage risks — banking, insurance, IT — are usually better at protecting themselves from information risks, and for this reason they are less likely to fall into similar situations.\r\n<span style=\"font-weight: bold;\">What should be adequate measures to protect against leakage of information for an average company?</span>\r\nFor each organization, the question of protection measures should be worked out depending on the specifics of its work, but developing information security policies, instructing employees, delineating access to confidential data and implementing a DLP system are necessary conditions for successful leak protection for any organization. Among all the technical means to prevent information leaks, the DLP system is the most effective today, although its choice must be taken very carefully to get the desired result. So, it should control all possible channels of data leakage, support automatic detection of confidential information in outgoing traffic, maintain control of work laptops that temporarily find themselves outside the corporate network...\r\n<span style=\"font-weight: bold;\">Is it possible to give protection against information leaks to outsourcing?</span>\r\nFor a small company, this may make sense because it reduces costs. However, it is necessary to carefully select the service provider, preferably before receiving recommendations from its current customers.\r\n<span style=\"font-weight: bold;\">What data channels need to be monitored to prevent leakage of confidential information?</span>\r\nAll channels used by employees of the organization - e-mail, Skype, HTTP World Wide Web protocol ... It is also necessary to monitor the information recorded on external storage media and sent to print, plus periodically check the workstation or laptop of the user for files that are there saying should not.\r\n<span style=\"font-weight: bold;\">What to do when the leak has already happened?</span>\r\nFirst of all, you need to notify those who might suffer - silence will cost your reputation much more. Secondly, you need to find the source and prevent further leakage. Next, you need to assess where the information could go, and try to somehow agree that it does not spread further. In general, of course, it is easier to prevent the leakage of confidential information than to disentangle its consequences.","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/icon_Data_Leak_Prevention.png"},{"id":895,"title":"Breach and Attack Simulation Platforms","alias":"breach-and-attack-simulation-platforms","description":"<span style=\"font-weight: bold;\">Breach and attack simulations</span> are an advanced computer security testing method. These simulations identify vulnerabilities in security environments by mimicking the likely attack paths and techniques used by malicious actors. In this sense, a breach and attack simulation acts much like a continuous, automated penetration test, and it improves upon the inherent limitations of red and blue team testing.\r\nGartner defines BAS technologies as tools “that allow enterprises to continually and consistently simulate the full attack cycle (including insider threats, lateral movement, and data exfiltration) against enterprise infrastructure, using software agents, virtual machines, and other means”.\r\nWhat makes BAS special, is its ability to provide continuous and consistent testing at limited risk and that it can be used to alert IT and business stakeholders about existing gaps in the security posture or validate that security infrastructure, configuration settings and detection/prevention technologies are operating as intended. BAS can also assist in validating if security operations and the SOC staff can detect specific attacks when used as a complement to the red team or penetration testing exercises.\r\n<span style=\"font-weight: bold;\">There are three different types of BAS solutions:</span>\r\n<ul><li><span style=\"font-weight: bold;\">Agent-based BAS</span> solutions are the simplest form of BAS. Agents are deployed across the LAN and vulnerabilities are identified to determine which routes are open to a potential attacker to move around the network. An agent-based BAS solution is very similar to vulnerability scanning but offers much more context.</li><li><span style=\"font-weight: bold;\">BAS solutions based on “malicious” traffic.</span> These BAS solutions generate intrusive traffic within the network between dedicated virtual machines that serve as targets for a wide range of attack scenarios. An overview is then created of which events have not been detected and blocked by the company’s own security controls. </li><li><span style=\"font-weight: bold;\">Cloud-based BAS solutions.</span> BAS solutions that are cloud-based are the closest to a real attack. They simulate numerous attack scenarios from the outside via different entry points. (so-called multi-vector attacks) and thus also the network perimeter of the company. The cloud platforms are fed with the latest threats from a wide variety of sources and are therefore always very up-to-date. Being SaaS solutions, they can be implemented very quickly.</li></ul>\r\nBy running these cyber-attack simulations in a controlled environment, an advanced BAS platform can identify vulnerabilities and gaps and then provide prioritized recommendations to help quickly close them. In this sense, a BAS platform works much like a purple team, allowing for comprehensive vulnerability assessment and remediation. Yet unlike a purple team, a BAS platform is automated and can be deployed remotely, making it especially well-suited to today’s challenges.\r\nThis automation is the key to maintaining continuous risk assessment and threat mitigation — the gold standard for today’s cybersecurity solutions.<br /><br />","materialsDescription":"<h1 class=\"align-center\">What problems do BAS tools attempt to solve?</h1>\r\nBAS solutions give companies an answer to the question “Do our cybersecurity programs really work? Large companies invest heavily in security products, but still do not have the confidence that they can withstand increasingly sophisticated attacks. For financial and practical reasons it is also not possible to test entire enterprise production environments permanently and manually for security vulnerabilities. Breach and Attack Simulation fills exactly this gap and allows companies to get more out of their existing security solutions by enabling continuous testing of the enterprise network at low risk.\r\n<h1 class=\"align-center\">For which companies are BAS solutions suitable?</h1>\r\nIf you have a look around the BAS market, you will find that many offers are tailored to large enterprise customers with high security requirements, such as financial institutions and insurance companies. It is not surprising that Breach and Attack Simulation is especially interesting for this kind of companies. They typically have numerous security products in use, a dynamic IT landscape and a high level of IT maturity. In addition, there are high demands on IT security and high compliance pressure. High-end solutions like Breach and Attack Simulation are predestined for this environment.<br />However, there is also the possibility for smaller companies to use BAS technology. Some solution providers have made their BAS tools multi-tenant ready so that smaller companies can also benefit from them via partner companies.\r\n<h1 class=\"align-center\">How to Evaluate a BAS Platform?</h1>\r\n<ul><li>The right BAS platform can simulate attacks in the cloud, identifying misconfigurations and other security gaps, while also allowing organizations to determine if critical assets are truly secure in all environments.</li><li>The ability to identify gaps in detection and prevention in hybrid environments is another key feature. As more data migrates to the cloud, it’s imperative that organizations assess their risk posture and understand how new hybrid environments can be attacked from on-premises devices linked to cloud data. Assessing cloud and on-premises risks separately leads to reduced visibility and expanded threat exposure — you simply don’t know how each side effects the other.</li><li>An advanced BAS platform can safely simulate Advanced Persistent Threats (APTs) against an organization’s “crown jewel” assets. Networks and devices create many pathways for APTs and identifying them is important.</li><li>The right platform can also identify a wide range of attack vectors hackers can exploit, while running safely in a production environment. Testing security controls on an endpoint solution might tell you if you can stop a credential dump but will not tell you which accounts can be harvested, from which devices and the impact those accounts will have.</li><li>Organizations should also look for a BAS solution that offered prioritized remediation of security gaps and validation of security controls.</li></ul>\r\n<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hacking.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]},{"id":6245,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/cymulate_logo.png","logo":true,"scheme":false,"title":"Cymulate BAS","vendorVerified":0,"rating":"1.80","implementationsCount":3,"suppliersCount":0,"supplierPartnersCount":0,"alias":"cymulate-bas","companyTitle":"Cymulate","companyTypes":["vendor"],"companyId":8254,"companyAlias":"cymulate","description":"Cymulate automatically identifies security gaps in one click and tells you exactly how to fix them. Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time and empowers companies to safeguard their business-critical assets. With just a few clicks, Cymulate challenges your security controls by initiating thousands of attack simulations, showing you exactly where you’re exposed and how to fix it, making security continuous, fast and part of everyday activities.\r\nCymulate runs quietly in the background without slowing down your business activities. Deploy a single lightweight agent to start running unlimited attack simulations. The easy to use interface makes it simple to understand your security posture.<br /><br />\r\n<span style=\"font-weight: bold;\">Cymulate products</span>\r\n<span style=\"font-weight: bold;\">Full Kill-Chain APT </span><br />Since an Advanced Persistent Threat (APT) attempts to bypass security controls across the cyber kill chain, from attack delivery to exploitation and post-exploitation, defending against an APT requires testing the effectiveness of multiple security controls within your arsenal. Since the efficacy of one control affects the exposure of the next control in the kill chain, ascertaining if your defenses work against a full-blown attack becomes a daunting proposition.\r\nCymulate’s Full Kill-Chain APT Simulation Module solves the challenge of security effectiveness testing across the entire cyber kill chain by instrumenting your security framework in a comprehensive and easy-to-use manner. Instead of challenging each attack vector separately, organizations can now run a simulation of a full-scale APT attack with a click of a button, and gain a convenient, single-pane view of security gaps across their arsenal.<br /><br /><span style=\"font-weight: bold;\">Email Gateway</span>\r\nThis vector is designed to evaluate your organization’s email security and potential exposure to a number of malicious payloads sent by email. The simulated attack exposes critical vulnerabilities within the email security framework. By sending emails with attachments containing ransomware, worms, Trojans, or links to malicious websites, the simulation reveals if simulated malicious emails could bypass your organizations’ first line of defense and reach your employees’ inbox. After running a simulation, the next step would be to test employees’ security awareness regarding socially engineered emails that try to lure them into opening malicious attachments, disclosing their credentials or clicking on malicious links.\r\nThe simulation results are presented in an easy-to-understand comprehensive report. Mitigation recommendations are offered for each security gap discovered depending on the type of attack simulated, and how far the threat has managed to bypass security controls and distribute itself, enabling IT and security teams to take the appropriate countermeasures.<br /><br /><span style=\"font-weight: bold;\">Web Gateway</span>\r\nCymulate’s Web Gateway cyber attack simulation vector is designed to evaluate your organization’s inbound and outbound exposure to malicious or compromised websites and current capabilities to analyze any inbound traffic. It enables you to verify your organization’s exposure to an extensive and continuously growing database of malicious and compromised websites. Immediate, actionable simulation results enable IT and security teams to identify security gaps, prioritize remediation and take corrective measures to reduce your organization’s attack surface.<br /><br /><span style=\"font-weight: bold;\">Web Application Firewall</span>\r\nWAF (Web Application Firewall) vector challenges your WAF security resilience to web payloads and assists in protecting your web apps from future attacks. With Cymulate’s WAF attack simulation, you can check if your WAF configuration, implementation and features are able to block payloads before they get anywhere near your web applications. The platform simulates an attacker who tries to bypass your organization’s WAF and reaches the web application, after which they attempt to perform malicious actions such as mining sensitive information, inflicting damage and forwarding users to infected websites using applicative attacks such as cross-site scripting (XSS), SQL and command injections.\r\nAt the end of each WAF attack simulation, or other simulation vector, a Cymulate Risk Score is provided, indicating the organization’s exposure, along with other KPI metrics and actionable guidelines to fine-tune controls and close security gaps.<br /><br /><span style=\"font-weight: bold;\">Phishing Awareness</span>\r\nThis vector helps companies asses their employees' awareness to socially engineered attack campaigns. Cymulate’s Phishing Awareness vector is designed to evaluate your employees’ security awareness. It simulates phishing campaigns and detects weak links in your organization. Since it is designed to reduce the risk of spear-phishing, ransomware or CEO fraud, the solution can help you to deter data breaches, minimize malware-related downtime and save money on incident response.\r\nSecurity awareness among employees is tested by creating and executing simulated, customized phishing campaigns enabling you to detect who are the weakest links in your organization. The phishing simulation utilizes ready-made out-of-the-box templates or custom-built templates assigned to a corresponding landing page with dummy malicious links. At the end of the simulation, a report is generated summarizing statistics and details of employees who have opened the email, and those who have clicked on the dummy malicious link, enabling organizations to assess their employees’ readiness to identify hazardous email.<br /><br /><span style=\"font-weight: bold;\">Endpoint Security </span>\r\nCymulate’s Endpoint Security vector allows organizations to deploy and run simulations of ransomware, Trojans, worms, and viruses on a dedicated endpoint in a controlled and safe manner. The attacks simulation ascertains if the security products are tuned properly and are actually protecting your organization’s critical assets against the latest attack methods. The comprehensive testing covers all aspects of endpoint security, including but not limited to: behavioral detection, virus detection, and known vulnerabilities.\r\nThe endpoint attack simulation results offer immediate, actionable results, including Cymulate’s risk score, KPI metrics, remediation prioritization and technical and executive-level reporting.<br /><br /><span style=\"font-weight: bold;\">Lateral Movement</span>\r\nLateral Movement (Hopper) vector challenges companies internal networks against different techniques and methods used by attackers to gain access and control additional systems on a network, following the initial compromise of single system. Cymulate’s Lateral Movement vector simulates a compromised workstation inside the organization and exposes the risk posed by a potential cyberattack or threat. Various techniques and methods are used to laterally move inside the network.\r\nThe platform uses a sophisticated and effective algorithm to mimic all the common and clever techniques that the most skilled hackers use to move around inside the network.\r\nThe Hopper attack simulation results are presented in an interactive graphic diagram that shows the attacker’s lateral movement path, along with Cymulate’s risk score, KPI metrics and actionable mitigation recommendations. By taking corrective action, IT and security teams can take the appropriate countermeasures to increase their internal network security.<br /><br /><span style=\"font-weight: bold;\">Data Exfiltration </span>\r\nThe vector challenges company's Data Loss Prevention (DLP) controls, enabling company to assess the security of outbound critical data before company sensitive information is exposed. The Data Exfiltration vector is designed to evaluate how well your DLP solutions and controls prevent any extraction of critical information from outside the organization. The platform tests the outbound flows of data (such as personally identifiable (PII), medical, financial and confidential business information) to validate that those information assets stay indoors.\r\nThe attack simulation results are presented in a comprehensive and easy-to-use format, allowing organizations to understand their DLP-related security gaps and take the appropriate measures using actionable mitigation recommendations.<br /><br /><span style=\"font-weight: bold;\">Immediate Threat Intelligence </span><br />Cymulate’s Immediate Threat Intelligence vector is designed to inform and evaluate your organization’s security posture as quickly as possible against the very latest cyber attacks. The simulation is created by the Cymulate Research Lab which catches and analyzes threats immediately after they are launched by cybercriminals and malicious hackers.\r\nBy running this simulation, you can validate within a short time if your organization would be vulnerable to these latest threats and take measures before an attack takes place.\r\nThe simulation results are presented in an easy-to-understand comprehensive report. Mitigation recommendations are offered for each threat that has been discovered, and vary according to the type of attack simulated, and the extent to which the attack was able to distribute itself. This allows the organization to truly understand its security posture and take action to improve or update controls where necessary.","shortDescription":"Cymulate is a breach and attack simulation platform that lets you protect your organization at the click of a button.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Cymulate BAS","keywords":"","description":"Cymulate automatically identifies security gaps in one click and tells you exactly how to fix them. Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time and empowe","og:title":"Cymulate BAS","og:description":"Cymulate automatically identifies security gaps in one click and tells you exactly how to fix them. Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time and empowe","og:image":"https://old.roi4cio.com/fileadmin/user_upload/cymulate_logo.png"},"eventUrl":"","translationId":6247,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":895,"title":"Breach and Attack Simulation Platforms","alias":"breach-and-attack-simulation-platforms","description":"<span style=\"font-weight: bold;\">Breach and attack simulations</span> are an advanced computer security testing method. These simulations identify vulnerabilities in security environments by mimicking the likely attack paths and techniques used by malicious actors. In this sense, a breach and attack simulation acts much like a continuous, automated penetration test, and it improves upon the inherent limitations of red and blue team testing.\r\nGartner defines BAS technologies as tools “that allow enterprises to continually and consistently simulate the full attack cycle (including insider threats, lateral movement, and data exfiltration) against enterprise infrastructure, using software agents, virtual machines, and other means”.\r\nWhat makes BAS special, is its ability to provide continuous and consistent testing at limited risk and that it can be used to alert IT and business stakeholders about existing gaps in the security posture or validate that security infrastructure, configuration settings and detection/prevention technologies are operating as intended. BAS can also assist in validating if security operations and the SOC staff can detect specific attacks when used as a complement to the red team or penetration testing exercises.\r\n<span style=\"font-weight: bold;\">There are three different types of BAS solutions:</span>\r\n<ul><li><span style=\"font-weight: bold;\">Agent-based BAS</span> solutions are the simplest form of BAS. Agents are deployed across the LAN and vulnerabilities are identified to determine which routes are open to a potential attacker to move around the network. An agent-based BAS solution is very similar to vulnerability scanning but offers much more context.</li><li><span style=\"font-weight: bold;\">BAS solutions based on “malicious” traffic.</span> These BAS solutions generate intrusive traffic within the network between dedicated virtual machines that serve as targets for a wide range of attack scenarios. An overview is then created of which events have not been detected and blocked by the company’s own security controls. </li><li><span style=\"font-weight: bold;\">Cloud-based BAS solutions.</span> BAS solutions that are cloud-based are the closest to a real attack. They simulate numerous attack scenarios from the outside via different entry points. (so-called multi-vector attacks) and thus also the network perimeter of the company. The cloud platforms are fed with the latest threats from a wide variety of sources and are therefore always very up-to-date. Being SaaS solutions, they can be implemented very quickly.</li></ul>\r\nBy running these cyber-attack simulations in a controlled environment, an advanced BAS platform can identify vulnerabilities and gaps and then provide prioritized recommendations to help quickly close them. In this sense, a BAS platform works much like a purple team, allowing for comprehensive vulnerability assessment and remediation. Yet unlike a purple team, a BAS platform is automated and can be deployed remotely, making it especially well-suited to today’s challenges.\r\nThis automation is the key to maintaining continuous risk assessment and threat mitigation — the gold standard for today’s cybersecurity solutions.<br /><br />","materialsDescription":"<h1 class=\"align-center\">What problems do BAS tools attempt to solve?</h1>\r\nBAS solutions give companies an answer to the question “Do our cybersecurity programs really work? Large companies invest heavily in security products, but still do not have the confidence that they can withstand increasingly sophisticated attacks. For financial and practical reasons it is also not possible to test entire enterprise production environments permanently and manually for security vulnerabilities. Breach and Attack Simulation fills exactly this gap and allows companies to get more out of their existing security solutions by enabling continuous testing of the enterprise network at low risk.\r\n<h1 class=\"align-center\">For which companies are BAS solutions suitable?</h1>\r\nIf you have a look around the BAS market, you will find that many offers are tailored to large enterprise customers with high security requirements, such as financial institutions and insurance companies. It is not surprising that Breach and Attack Simulation is especially interesting for this kind of companies. They typically have numerous security products in use, a dynamic IT landscape and a high level of IT maturity. In addition, there are high demands on IT security and high compliance pressure. High-end solutions like Breach and Attack Simulation are predestined for this environment.<br />However, there is also the possibility for smaller companies to use BAS technology. Some solution providers have made their BAS tools multi-tenant ready so that smaller companies can also benefit from them via partner companies.\r\n<h1 class=\"align-center\">How to Evaluate a BAS Platform?</h1>\r\n<ul><li>The right BAS platform can simulate attacks in the cloud, identifying misconfigurations and other security gaps, while also allowing organizations to determine if critical assets are truly secure in all environments.</li><li>The ability to identify gaps in detection and prevention in hybrid environments is another key feature. As more data migrates to the cloud, it’s imperative that organizations assess their risk posture and understand how new hybrid environments can be attacked from on-premises devices linked to cloud data. Assessing cloud and on-premises risks separately leads to reduced visibility and expanded threat exposure — you simply don’t know how each side effects the other.</li><li>An advanced BAS platform can safely simulate Advanced Persistent Threats (APTs) against an organization’s “crown jewel” assets. Networks and devices create many pathways for APTs and identifying them is important.</li><li>The right platform can also identify a wide range of attack vectors hackers can exploit, while running safely in a production environment. Testing security controls on an endpoint solution might tell you if you can stop a credential dump but will not tell you which accounts can be harvested, from which devices and the impact those accounts will have.</li><li>Organizations should also look for a BAS solution that offered prioritized remediation of security gaps and validation of security controls.</li></ul>\r\n<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hacking.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":["Shortage of inhouse software developers","Shortage of inhouse IT resources","Shortage of inhouse IT engineers","High costs of IT personnel"],"materials":[],"useCases":[],"best_practices":[],"values":["Reduce Costs","Ensure Security and Business Continuity"],"implementations":[],"presenterCodeLng":"","productImplementations":[]}},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{},"comparisonByTemplateId":{},"products":[],"selectedTemplateId":null},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}