Preview Mode Links will not work in preview mode

CyberSecurity Sense is LBMC Information Security's podcast that provides insight and updates on such information security topics as: IPS Monitoring and Managed IDS Services, Security Information Event Management, Digital Forensic Analysis, Electronic Discovery and Litigation Support, Computer Security Incident Response, Penetration Testing, Risk Assessments, Security Program Planning, Web Application Security Assessments, ACAB LADMF Certification Assessments, CMS Information Security, FedRAMP, FISMA Compliance, HIPAA Compliance, HITRUST CSF Certifications, NIST 800-171 Certifications, PCI Data Security Standards, SOC Reporting and SOX Compliance. 

Jul 18, 2018

In a previous podcast, we discussed purple-teaming as it compares to a conventional penetration test. Let’s now build on that approach, starting with the differences between attack simulation and conventional penetration tests. The methodology of attack simulation is the assumption that the network or a system will become compromised and the current controls will not prevent the infection.

So, how does attack simulation differ from purple-teaming? With purple-teaming, everyone know what controls are being tested and when. The attack simulation is a bit different, asthe focus is the emulation of a specific attacker group and their methods of obtaining sensitive data. In this podcast, LBMC Information Security’s Bill Dean discusses attack simulation, or what some people label adversary simulation.