Penetration Tests and Red Team Exercises
CIS Control 20
Test the overall strength of your defense (the people, processes, and technology) by simulating the objectives and actions of an attacker.
Why is this Critical?
Penetration testing has become an essential part of a modern security practice. By simulating the tactics and techniques used by attackers, pen testers can expose weaknesses in an organization’s operating systems, network devices and application software, giving deeper insight into the business risks of vulnerabilities. By regularly performing internal and external penetration tests, organizations can evaluate their preparedness for potential attacks, meet compliance requirements, and fix vulnerabilities before attackers can exploit them. The findings from red team exercises help mature the coverage from other CIS Controls.