Gartner defines adversarial exposure validation (AEV) as technologies that deliver consistent, continuous and automated evidence of the feasibility of an attack. These technologies confirm how potential attack techniques would successfully exploit an organization and circumvent prevention and detection security controls. They achieve this by performing attack scenarios and modeling or measuring the outcome to prove the existence and exploitability of exposures. AEV is generally delivered as a SaaS solution with or without on-premises agents. AEV technologies provide automated execution of both simplified and/or extensible attack scenarios. Results data from an executed attack scenario is used for various outcomes, such as: validating a theoretical exposure as real, automating frequent controls testing, improving preventive security posture or improving detection and response capabilities.
Brand Protection software guards against suspicious listings and brand abuse networks that infringe on your intellectual property, sell counterfeit products and commit other online scams against your brand . This software continuously monitors and detects infringements including fake domains , third party sites, unauthorized apps and search engine results,thus helping in overcoming brand impersonation, minimizing monetary and reputational damage. Also, the analytics generated by brand protection software can be used to determine a brand's vulnerability and provide practical guidance on how to improve the brand's online presence, by providing holistic workflows and interactive report tracking to improve content management. Brand managers, marketing teams, and security teams addressing external threats to their social media accounts, reputation, online brand, and follower engagement are the predominant users.
External attack surface management (EASM) refers to the processes, technology and professional services deployed to discover internet-facing enterprise assets and systems and exposures that could be exploited by malicious threat actors. EASM is useful in identifying unknown assets and providing information about the organization’s systems, cloud services and applications that are available and visible in the public domain and therefore can be exploited by an attacker/adversary. This visibility can also be extended to the organization’s subsidiaries or third parties. EASM are most commonly cloud-based products and services but can also be delivered ‘as a service’. EASM appeals to security operations functions involved with penetration testing, vulnerability management and threat hunting who want better visibility of their internet-facing assets to complement their threat and exposure management program.
The SACBT market is characterized by vendor offerings that include one or more of the following capabilities: 1. Ready-to-use training and educational content. 2. Employee testing and knowledge checks. 3. Availability in multiple languages, natively or through subtitling or partial translation (in many cases, language support is diverse and localized). 4. Phishing and other social engineering attack simulations. 5. Platform and awareness analytics to help measure the efficacy of the awareness program. Training modules are available as cloud-hosted SaaS applications or on-premises deployments via client-managed learning management systems (LMSs), and also support the Sharable Content Object Reference Model (SCORM) standard, enabling integration with corporate LMSs.