Why Penetration Testing as a Service?
A companies Security Posture is constantly changing in line with the evolving risks faced by multiple sources. A traditional Penetration Test is very much a point in time assessment.
Pentest People have a wealth of experience of building traditional Penetration Testing businesses. It is time for the market to evolve and a new solution to be provided that meets the needs of the customer.
Our Penetration Testing as a Service (PTaaS) advocates a continuous cycle of testing and remediation. It suggests that your security posture is always changing so in order to combat this moving target there must be an on-going program of testing, remediation and management. The Penetration Testing Methodology understands that there is a need to test and check the entire platform stack. From the operating system to the SSL certificate, PTaaS is all about establishing a regime of automatic checks and monitoring so that even the smallest aspects of your eco-system are protected.
What do we receive with PTaaS?
PTaaS is built around a traditional Penetration Test as you would receive from one of our competitors. The differentiator we provide is made up of the additional services that we wrap around the Penetration Test to provide an over-arching managed service to our customers.
We offer a Remediation Consultancy Service to fix any issues identified during your Penetration Test to ensure your risk is mitigated.
The service is delivered through SecurePortal and access is provided to the RapidSpike suite of Advanced Monitoring Tools.
More details can be found on our What is Included in PTaaS? page.
Consultant Led Penetration Testing
A Pentest People security consultant will perform a thorough Penetration Testing based on your exact requirements. This test can include an assessment of your internal and external hosts as well as any Web Applications you may have in use. The Penetration Tests will be scheduled to match your requirements and budget.
Frequent Vulnerability Scanning
As well as the point in time Penetration Test, you will also receive access to regular external and internal Vulnerability Scanning. This scanning can be scheduled to fit into your environment and timescales to ensure that you are kept informed of newly released vulnerabilities that may affect your infrastructure.
Ongoing Security Monitoring
Various Security Monitors are available which all run at frequent intervals. These can be used to perform Port Scanning of your external infrastructure as well as to check items such as your SSL Certificates in use for your Web Applications and also monitor for JavaScript Security issues on your webservers.
Access to Security Consultants
Depending on the level of service you have purchased, you will receive access to the Pentest People team of experienced cybersecurity consultants. Our consultants are available on a helpdesk basis for general security concerns as well as to perform regular security reviews of your Vulnerability Assessments and Security Monitors.
Key Benefits
- Receive ongoing Security Management through an Overarching Managed Service
- Traditional reports are out of date the minute they are delivered. SecurePortal is a living system that evolves in line with your network
- Automatically track changes that might affect your security posture with minimal effort
- Consultancy is not enough, keep up with new threats by adopting a continuous program of Testing and Monitoring
- With so many attack vectors PTaaS allows you to monitor your entire ecosystem so emerging problems can be fixed early
Frequently
Asked Questions About Why Penetration Testing as a Service?
How does PTaaS differ from a standard Penetration Test?
PTaaS contains a Penetration Test but also provides access to an array of tools that include Vulnerability Scanning and Advanced Security Monitoring.