Point-in-time pen tests are no longer good enough. They are often mis-sold and poorly executed due to lack of budget, which is invariably due to a lack of a proper risk assessment. Paying for a pen test when you don’t understand your own threats is a waste of money. Most pen tests focus on external attack stories but what if the attacker was better that your tester and got in? How would you know?
We believe that pen testing needs to be re-thought. Managed Attack is a service that constantly evaluates your threats to create attack stories relevant to your business and cycles through external and internal attacks throughout the contract term.
We use advanced APT technology to automate all the common infrastructure attacks and leave our talented human testers to focus on the more creative attack stores such as web/mobile applications and APIs.
You get a cost-effective service that gives you the assurance that the attack stories are relevant to your organisation and we constantly test every external and internal attack on a regular basis.
- What’s included?
- Continual pen testing on an agreed schedule
- A 3 stage approach that cycles through through the contract –
- Threat modelling
- External attack stories
- Internal attack stories
- What do you get?
- Assurance that you understand your threats and that external and internal defences are tested on a regular basis
- Monthly reporting on progress
- Critical issues are logged when found with a remediation plan
- An adaptive approach to building good defensive and detection controls