SyCom starts by performing an initial external Penetration Test against an organization. The results are returned to the organization with specific recommendations for remediation, either by your IT security team or SyCom engineers. Conclusions from the initial test are also fed back to our security team following which we can then assist with remediation. Conclusions are also fed back into our 24-hour Network Operation Center (NOC) where a botnet, attack pods and advanced client-side attacks are created specifically for your organization. This establishes a basis from which the Continuous Penetration Testing tool begins to automatically scan a range of IP addresses and receive input from various devices every day. It identifies changes in web application security postures as well as new ports, IP addresses and threat vectors. It will also send emails to simulate advanced phishing and spear phishing campaigns.
The RedSpy365 process is outlined below and leads to alerts and notifications sent to SyCom’s security team for pre-determined and agreed upon action steps. These escalations from automated bots to SyCom’s certified pen testers—some of the industry’s leading experts—offer the potential to find the threat before it’s exploitable and before your organization has been compromised.