The right security test at the right time through one vendor without the hassle.
Managed Security Testing from Trustwave SpiderLabs® allows IT and information security teams to take a programmatic approach to vulnerability management through managed vulnerability scanning across databases, networks and applications, as well as, in-depth manual penetration testing of networks and applications.
- Now more than ever, businesses realize the need for pro-active security testing, and budgets are increasing as a result. Still, planning for and procuring security testing presents a number of challenges:
- Anticipating future testing needs
- Conducting testing in a timely manner
- Making testing an efficient, business-as-usual initiative rather than an obstacle
- Getting high quality testing across multiple asset types
- Standardizing repeatable testing/reporting across asset types
- Fulfilling compliance requirements
- Effectively managing multiple tests, and re-testing, over the course of the year
Four levels of testing
- Trustwave SpiderLabs designed four levels of penetration testing to align with four levels of threats to your network. Depending on your budget and the business-value you assign to the assets you intend to test, you will choose one of the following levels of testing for applications or internal or external networks:
- Basic Threat
- Simulates the most common attacks executed in the wild today. This class of attacker typically uses freely-available, automated attack tools.
- Simulates the most common attacks executed in the wild today. This class of attacker typically uses freely-available, automated attack tools.
- Opportunistic Threat
- Builds upon the basic threat and simulates an opportunistic attack executed by a skilled attacker that does not spend an extensive amount of time executing highly sophisticated attacks. This type of attacker seeks easy targets (”low-hanging fruit”) and will use a mix of automated tools and manual exploitation to penetrate their targets.
- Targeted Threat
- Simulates a targeted attack executed by a skilled, patient attacker that has targeted a specific organization. This class of attacker will expend significant resources and effort trying to compromise an organization’s systems.
- Advanced Threat
- Simulates an advanced attack executed by a highly motivated, well-funded and extremely sophisticated attacker who will exhaust all options for compromise before relenting.
Benefits
- Keep pace with business demands
- Get testing right when you need it, minus the hassle
- Standardize scalable, repeatable scanning and testing
- Make budget planning easier and operationalize testing costs
- Re-test and validate fixes at no extra cost
- Establish or maintain compliance
How It Works
You identify your testing budget and allocate it as you see fit. Your account balance depletes with each database, network or application you enroll, and you can refill your account at any time.
- An initial balance is credited to your account
- You enroll a database, network or application target and choose the level of testing
- Your account balance is debited according to predefined pricing
- You schedule your tests for the enrolled network or application
- A SpiderLabs expert conducts the test
- Dynamic reporting is made available in the portal
- You view and manage reporting within the portal
- If desired, you then schedule maintenance testing to re-evaluate findings where possible
Trustwave’s online reporting portal delivers real-time access to detailed, actionable results. Unlike static reports, the portal makes it easy to take action on your information, track results, manage progress and remediate vulnerabilities from a single source.
For more info, email us at contactus@techdefense.com.au or call us on +61-431-029611