Bringing Penetration Testing Into The Modern Day

- By -

Robert Wilson

In today’s way of living and working, where results are needed now, and outputs are required regularly to keep pace with continuous changes, especially in the digital world, are we really still accepting that penetration tests should take days to schedule, weeks to deliver and months to remediate the outputs?

Following rigorous trials and feedback with existing clients, Amicis are hugely excited to launch PTAS – Pen Testing as a Service and PTOD – Pen Testing on Demand.

What is different about these approaches compared to traditional rates of service?

• Scoped on IP, not “effort” or “day rate”

• Rapid delivery – as this is delivered via our Security Engine, tests can be completed within hours, rather than days – ideal if you’re up against pressing deadlines to ensure new releases of your services or updates to your digital estate are free from vulnerabilities. Rather than waiting weeks for your report, you can receive it fully completed and QA’d by an accredited security practitioner within a couple of days.

• Complete with up to date knowledge, methodologies, techniques and continually fed by the latest research from our own security consultants and wider cyber community to ensure the service remains ahead of the threat landscaper. This is all done utilising CREST accredited practices – a recognition of the quality and validity of the service. AI and Machine Learning are on the roadmap for the next 12 months for an even faster service in the future.

This is just a vulnerability scan, right?

Wrong. A vulnerability scan just informs you about the vulnerabilities that are present within your environment. However, it does not attempt to exploit those vulnerabilities to determine the potential impact of successfully exploiting those vulnerabilities. We fully endorse the need for regular vulnerability scanning, but this is not it. PTAS and PTOD is different as it uses exploitation and post-exploitation techniques to demonstrate to you how successfully exploiting a vulnerability could potentially lead to further access to systems and/or confidential data leakage within their environment – exactly what you expect from a penetration test, but now, with us at a fraction of the time and cost.

PTAS v PTOD – what is right for me?

PTAS is conducted regularly to suit your environment and budget – select the number of IPs you want testing, choose how regularly you want assurance of their resilience (quarterly, or monthly) and leave the rest to us.

PTOD makes sense if you have a very simple, very static environment which encounters little attention, but still needs testing to ensure it is free from common vulnerabilities and for compliance purposes, be they from a regulatory body or a concerned third party.

Want to test an IP for free to see the outputs for yourself? Click here.

Need a test on your environment now and the results back within the week or looking to learn more and would value a chat with one of your team? Select a time here.

Ready to get started?