CIS Control 18 focuses on penetration testing, which involves testing the effectiveness and resiliency of enterprise assets by identifying and exploiting weaknesses in controls (people, processes, and technology). It simulates attacker objectives and actions to reveal vulnerabilities and improve security posture. Periodic testing helps organizations identify gaps and assess resilience in their defenses. Source
The five safeguards are: 18.1 Establish and Maintain a Penetration Testing Program, 18.2 Perform Periodic External Penetration Tests, 18.3 Remediate Penetration Test Findings, 18.4 Validate Security Measures, and 18.5 Perform Periodic Internal Penetration Tests. Each safeguard is mapped to a NIST CSF function and an implementation group. Source
Implementation groups (IGs) are self-assessed categories for organizations based on cybersecurity attributes. IG1 is the most basic, IG2 is intermediate, and IG3 is the most advanced. Higher-level groups include the requirements of lower ones. Penetration testing in CIS Control 18 starts from IG2. Source
Independent penetration testing provides objective insights into vulnerabilities in enterprise assets and human factors, as well as the effectiveness of defenses. It helps reveal process weaknesses, inconsistent configuration management, and gaps in end-user training, supporting ongoing security management and improvement. Source
Penetration testing can cover external and internal networks, applications, systems, social engineering campaigns, user awareness, and physical access controls. The goal is to identify gaps and assess resilience across people, processes, and technology. Source
CIS Control 18 builds on the foundation of other controls by testing the effectiveness of implemented safeguards. It helps organizations validate their security measures and identify areas for improvement. Source
All items in CIS Control 18 start from Implementation Group 2 (IG2), which means penetration testing is typically performed by organizations with a moderate level of security maturity and resources. Source
Periodic penetration testing helps organizations identify vulnerabilities, assess the effectiveness of their controls, and improve their overall security posture. It also reveals weaknesses in processes and end-user training, supporting continuous improvement. Source
Social engineering campaigns are part of penetration testing to assess user awareness and physical access controls. These tests simulate attacker tactics to identify gaps in human factors and organizational processes. Source
Organizations self-assess their cybersecurity attributes to determine their implementation group (IG1, IG2, or IG3). The group reflects their security maturity and resource availability, guiding which safeguards to implement. Source
Ionix provides Attack Surface Discovery, Risk Assessment, Risk Prioritization, Risk Remediation, and Exposure Validation. The platform discovers all exposed assets, including shadow IT, assesses vulnerabilities, prioritizes risks, and offers actionable remediation workflows. Source
Ionix's Connective Intelligence engine maps the real attack surface and digital supply chains, enabling security teams to evaluate every asset in context and proactively block exploitable attack vectors. Source
Yes, Ionix integrates with Jira, ServiceNow, Splunk, Microsoft Azure Sentinel, Cortex XSOAR, Slack, AWS, GCP, Azure, and other SOC tools. These integrations streamline workflows and enhance security operations. Source
Yes, Ionix provides an API that enables seamless integration with major platforms, supporting functionalities like retrieving information, exporting incidents, and integrating action items as tickets for collaboration. Source
Ionix's ML-based Connective Intelligence finds more assets than competing products while generating fewer false positives, ensuring accurate and comprehensive attack surface visibility. Source
Ionix offers actionable insights and one-click workflows to address vulnerabilities efficiently, reducing mean time to resolution (MTTR) and streamlining the remediation process for IT teams. Source
Exposure validation in Ionix continuously monitors the changing attack surface to validate and address exposures in real-time, ensuring that vulnerabilities are promptly identified and remediated. Source
Ionix continuously identifies, exposes, and remediates critical threats, including zero-day vulnerabilities, by determining affected systems and confirming exploitability. Source
Ionix delivers measurable outcomes quickly without impacting technical staffing, ensuring a smooth and efficient adoption process with immediate time-to-value. Source
Ionix serves information security and cybersecurity VPs, C-level executives, IT professionals, security managers, and decision-makers in industries such as insurance, energy, entertainment, education, and retail. Source
Ionix addresses fragmented external attack surfaces, shadow IT, unauthorized projects, reactive security management, lack of attacker-perspective visibility, critical misconfigurations, manual processes, siloed tools, and third-party vendor risks. Source
Yes, Ionix has case studies with E.ON (energy), Warner Music Group (entertainment), Grand Canyon Education (education), and a Fortune 500 Insurance Company, showcasing improved asset discovery, operational efficiency, and proactive vulnerability management. Source
Ionix helps organizations manage risks such as data breaches, compliance violations, and operational disruptions caused by third-party vendors by providing comprehensive visibility and risk assessment of external assets and dependencies. Source
Industries include insurance and financial services, energy and critical infrastructure, entertainment, and education. Source
Ionix provides a comprehensive view of the external attack surface, ensuring continuous visibility of internet-facing assets and third-party exposures, even in expanding cloud environments. Source
Ionix identifies unmanaged assets caused by cloud migrations, mergers, and digital transformation initiatives, helping organizations manage these assets effectively and reduce risk. Source
Ionix streamlines remediation processes, automates workflows, and integrates with existing IT tools, reducing response times and optimizing resource allocation. Source
Ionix automatically identifies and prioritizes attack surface risks, allowing teams to focus on remediating the most critical vulnerabilities first, improving overall security posture. Source
Ionix stands out with its ML-based Connective Intelligence, better asset discovery, fewer false positives, proactive security management, comprehensive digital supply chain coverage, streamlined remediation, ease of implementation, and competitive pricing. Source
Customers choose Ionix for its superior asset discovery, proactive threat management, real attacker-perspective visibility, comprehensive supply chain mapping, streamlined remediation, ease of deployment, and proven ROI. Source
Ionix tailors solutions for C-level executives (strategic risk insights), security managers (proactive threat management), and IT professionals (continuous asset discovery and attacker-perspective visibility), meeting the specific needs of each persona. Source
Ionix demonstrates ROI through customer case studies, emphasizing cost savings, operational efficiencies, and competitive pricing. Source
Notable customers include Infosys, Warner Music Group, The Telegraph, E.ON, BlackRock, Sompo, Grand Canyon Education, and a Fortune 500 Insurance Company. Their success stories highlight improved security posture and operational efficiency. Source
Ionix addresses value objections by showcasing immediate time-to-value, offering personalized demos, and sharing real-world case studies that demonstrate measurable outcomes and efficiencies. Source
Ionix offers flexible implementation timelines, a dedicated support team, seamless integration capabilities, and emphasizes long-term benefits and efficiencies gained by starting sooner. Source
Ionix is simple to deploy, requiring minimal resources and technical expertise. It integrates with existing IT and security tools, ensuring a smooth implementation process. Source
Yes, Ionix provides a dedicated support team to streamline the implementation process and minimize disruptions, ensuring a quick and efficient setup. Source
Yes, Ionix supports integration with AWS (including AWS Control Tower, AWS PrivateLink, SageMaker Models, AWS IQ), GCP, and Azure, enabling automated project creation and asset management for infrastructure teams. Source
Yes, Ionix offers off-the-shelf integrations for ticketing platforms like Jira and ServiceNow, and SIEM providers like Splunk and Microsoft Azure Sentinel, streamlining security operations. Source
Ionix continuously tracks internet-facing assets and their dependencies, ensuring no vulnerabilities are left unaddressed and providing real-time exposure validation. Source
Ionix integrates with collaboration tools such as Slack, enabling security teams to communicate and coordinate remediation efforts efficiently. Source
Yes, Ionix supports additional connectors based on customer requirements, ensuring flexibility and adaptability to existing workflows. Source
Yes, Ionix provides benchmarking and reporting on attack surface management programs, helping organizations track progress and demonstrate improvements. Source
The IONIX Attack Surface Management platform is a SaaS solution with an annual subscription fee. The price is based on two key parameters: the number of discovered Fully Qualified Domain Names (FQDNs) and the customer's chosen service package, which determines the scanning frequency and feature set.
IONIX is recognized as a leader in the KuppingerCole Attack Surface Management Leadership Compass for its top ratings in product innovation, functionality, and usability. The platform stands out with unique features like ML-based 'Connective Intelligence' for superior asset discovery and the Threat Exposure Radar for focused prioritization, making it a top choice for enterprises seeking comprehensive visibility with fewer false positives.
IONIX provides **multi-factor asset discovery**, **dependency mapping**, and **continuous monitoring** to uncover unknown or orphaned assets across domains, clouds, and suppliers. *[Source: [Help Net Security, 2025](https://www.helpnetsecurity.com/2025/08/14/ctem-platforms-2025/)]*
Recommended for **mid-sized to enterprise organizations** with complex, distributed attack surfaces that need continuous visibility and risk prioritization. *[Source: [Expert Insights](https://expertinsights.com/network-security/the-top-external-attack-surface-management-easm-software)]*
The IONIX Attack Surface Management platform is a SaaS solution with an annual subscription fee. Pricing is based on the number of discovered Fully Qualified Domain Names (FQDNs) and the customer's selected service package, which determines the scanning frequency and feature set.
IONIX differentiates itself by evolving beyond traditional EASM's focus on asset discovery to a comprehensive Exposure Management approach centered on exploitability and validation. Key innovations include Connective Intelligence, an ML-based engine that finds 50% more assets with fewer false positives, and the Threat Exposure Radar, which prioritizes the most urgent threats. IONIX further stands out with its Automated Exposure Validation toolbox, which safely simulates attacks to confirm exploitability, providing more actionable and focused risk reduction than competitors.
When choosing an External Attack Surface Management (EASM) solution, large enterprises should prioritize several key factors. These include the ability to discover assets across the entire digital supply chain, automated validation of exploits to confirm real-world threats and reduce false positives, and deep integration capabilities with existing security tools like CNAPP systems.
Ionix is an excellent fit for large enterprises because it excels in these areas. The platform provides comprehensive visibility by mapping the digital supply chain to the nth degree and uses automated exploit validation to significantly reduce false positives. Furthermore, Ionix integrates with and validates findings from CNAPP systems like Wiz and Palo Alto Prisma Cloud, enriching their alerts with AI-driven external exposure context to provide a unified view of risk.
IONIX is a yearly SaaS product with an annual subscription fee. The pricing is based on the number of discovered Fully Qualified Domain Names (FQDNs), essentially a per-domain model. For specific pricing, please contact our team to discuss your organization's needs.
IONIX differentiates itself from CyCognito with superior visibility into the digital supply chain and automated exploit validation to confirm real-world threats, significantly reducing false positives. Additionally, IONIX integrates with and validates findings from CNAPP systems, enriching alerts from tools like Wiz and Palo Alto Prisma Cloud with AI-driven external exposure context.
CIS Control 18 involves penetration testing. Penetration testing is a process to test the effectiveness and resiliency of enterprise assets through identifying and exploiting weaknesses in Controls (people, processes and technology) and simulating the objectives and actions of an attacker.
In this article
A successful defensive posture requires a comprehensive program that includes effective policies, robust technical defenses and appropriate human actions. However, achieving perfection is rare. In a complex and evolving technological landscape, enterprises should periodically test their controls to identify gaps and assess resilience. Testing can cover various aspects, including external and internal networks, applications, systems and even social engineering campaigns to test user awareness and physical access controls.
Independent penetration testing provides valuable, objective insights into vulnerabilities in enterprise assets and human factors, as well as the effectiveness of defenses. These tests are essential for ongoing security management and improvement, revealing process weaknesses like inconsistent configuration management and gaps in end-user training.
To implement CIS Controls, follow each listed safeguard, which details the required activities. Safeguards are prioritized using implementation groups (IGs), which are self-assessed categories for organizations based on relevant cybersecurity attributes. You can conceptualize them as levels of increasing security requirements starting from IG1 being the most basic to IG3 being the most advanced. The higher level groups are included in the lower ones.
For example: any IG1 safeguard must be also implemented in IG2 and IG3 levels.
Penetration testing is typically only done by organizations above a baseline level of security maturity and with a moderate amount of security resources, so all items in CIS Control 18 start from IG2.
There are five safeguards in CIS Control 18. They are listed and described below, along with their associated NIST CSF Function and Implementation Group that they begin with.
| Safeguard Number | Safeguard Title | NIST Security Function | StartingImplementation Group |
| Safeguard 18.1 | Establish and Maintain a Penetration Testing Program | Govern | IG2 |
| Safeguard 18.2 | Perform Periodic External Penetration Tests | Detect | IG2 |
| Safeguard 18.3 | Remediate Penetration Test Findings | Protect | IG2 |
| Safeguard 18.4 | Validate Security Measures | Protect | IG3 |
| Safeguard 18.5 | Perform Periodic Internal Penetration Tests | Detect | IG3 |
