Security teams typically use several different testing tools to evaluate infrastructure. 69.9% of security teams use vendor-provided testing tools, 60.2% use pen-testing tools, and 59.7% use homegrown tools and scripts. Automated Breach and Attack Simulation (BAS) tools enable you to answer these questions. BAS complements point-in-time testing to continually challenge, measure, and optimize the effectiveness of security controls. BAS is automated, allowing you to test as needed, and the best solutions assess as needed.
Source: https://thehackernews.com/2020/01/cybersecurity-controls-framework.html