Traditionally, industry practice was to perform manual penetration testing on a semi-annual basis. The problem with this approach is that vulnerabilities are often introduced right after a test has completed and critical issues could be overlooked until the next testing window.
While automated vulnerability scanning tools mitigate some of this risk, neither of these two controls address the addition of new networks, cloud-based systems or potential third-party issues.
3wSecurity can provide pen-testing on-demand as an add-on service to its Attack Management offering. This allows companies to achieve coverage throughout the entire digital life-cycle.
Managing the Security Lifecycle
3wSecurity can perform traditional pen-testing or we can provide an integrated service along with our attack management platform. What makes the integrated solution more compelling, is that our platform helps to facilitate management of the security life cycle.
For example, as systems are commissioned and or discovered, they should be tested for security vulnerabilities. If issues are found, they must be resolved and then the asset should be tested again to validate the fix. Over the life of the asset, there are multiple times when security tests are required to meet compliance requirements and to reduce risk.
Our attack surface management software, ShadowKat, in combination with our penetration testing service helps to refine this process. The result is that a more reliable process is established and inefficiencies are reduced furthermore, the security and integrity of your security program is improved.