I am interested to know if anyone has experience using automated security validation tools such as Pentera’s ASV or Threat Intelligence’s Evolved. These are systems that will try to exploit vulnerabilities in your network and leave harmless payloads as breadcrumbs for proof.
Have you seen success? Any pitfalls? Does it have ongoing return on investment?
I’ve looked at Pentera, FireCompass and Randori. These all look to be fine tools, and I think the consensus is that they are worthwhile. I prefer Pentera, based on breadth and depth of features. However, I haven’t personally tested these tools side by side. Currently, we are using CyCognito, which has an effective “external attack surface management” (passive and active vulnerability scan) capability as well as active exploitation capability a la Pentera. It’s an effective tool, although I believe Pentera is stronger at exploitation. I’m interested to hear the views of others who are using these tools…