Automated security effectiveness testing can help you test the effectiveness of your security controls against the latest cyber attacks. Simulated attacks can be run on a dedicated system to avoid compromising a real user’s system. By running ongoing or daily simulations of the newest menaces across your network, you can determine if your controls are catching IoCs such as command & control (C2) URLs and malicious file hashes. Challenging email security controls can reveal whether your email gateway is blocking multi-layer nested files, whether a policy is set up to filter out spoofed email addresses.
Source: https://thehackernews.com/2019/06/breach-attack-simulation.html