PENETRATION TESTING

Penetration Testing as a Service – also known as Managed Security Testing or Managed Penetration Testing – is a subscription-based, programmatic approach to penetration testing that gives you self-service control over your testing programs. It uses a system built end-to-end to enable you to easily run network and application penetration tests, whether on a predefined schedule or in response to changes in your environment.

The penetration testing scope is highly customizable to address your business needs. You may elect for a custom penetration test when you seek a tailored and in-depth assessment of your unique security landscape. Customization allows for a more focused examination of specific aspects that may not be adequately addressed by standard testing approaches.

Examples of when custom penetration testing may be appropriate:

· Operational Technology (OT): Testing OT environments with specialized hardware, software, and communication protocols

· Business Logic: Testing against unique business processes and workflows, as well as industry-specific requirements

· Privileged Accounts: Testing access credentials and controls at a more granular level (e.g., standard, administrator)

· M&A / Major Change: Testing based on major business or technology changes (e.g., M&A, transitioning to the cloud)

Penetration testing frequency depends on numerous factors, including your risk tolerance, the size of your organization, and of course, your budget. But given that new vulnerabilities crop up constantly, penetration testing is not a one-and-done endeavor. Many organizations conduct penetration tests semi-annually or annually, often on a rotating basis to focus on different aspects of their infrastructure. Trustwave Penetration Testing as a Service makes it simple to conduct tests whenever you like, while effectively managing your budget.

Vulnerability management is an ongoing process to identify, classify, remediate, and mitigate vulnerabilities within an environment, and is composed of three main areas: 1) scanning, 2) triage, and 3) remediation. Trustwave Managed Vulnerability Scanning provides insights into the assets in your environment and their vulnerability to attacks. This includes discovery, network, application, and database scanning, as well as cyber advisory support for strategic remediation of identified vulnerabilities.

Vulnerability remediation focuses on taking specific actions to fix or eliminate identified vulnerabilities. As this responsibility typically falls under IT operations, Trustwave does not provide vulnerability remediation services.

Red team testing is the ultimate test of people, processes, and technology. Stealth is a crucial element of red team testing, designed to test the efficacy of detection capabilities. Rather than focusing solely on technical controls, red team testing employs a full spectrum of techniques, including human factors and social engineering, to test and enhance your security.

Purple team testing is the combination of a red team and a blue team. While the red team (Trustwave, the attacker) aims to expose vulnerabilities in your environment, the blue team (you, the defender) is charged with stopping the attacks. Together, they form the purple team, where Trustwave works with you side-by-side to improve your defense capabilities and increase maturity.