Too many pen tests are more or less vulnerability scans.
So, how many orgs engage in the next logical step, red teaming?
Better yet, how many orgs engage a red team to test their incident response processes and procedures for ransomware, malware, DDoS / DoS, APT, or brute forcing / rainbow table attacks throughout the cyber kill chain (http://www.darkreading.com/attacks-breaches/deconstructing-the-cyber-kill-chain/a/d-id/1317542)?
As orgs progress with pen testing, red teaming, etc., they need to up the ante with more inclusive testing.