Continuous Penetration Testing

How It Works

SyCom starts by performing an initial external Penetration Test against an organization. The results are returned to the organization with specific recommendations for remediation, either by your IT security team or SyCom engineers. Conclusions from the initial test are also fed back to our security team, which can then assist with remediation. They are also fed into our 24-hour Network Operation Center (NOC), where a botnet, attack pods and advanced client-side attacks are created specifically for your organization. This establishes a baseline from which the Continuous Penetration Testing tool begins to automatically scan a range of IP addresses and receive input from various devices every day. It identifies changes in web application security postures as well as new ports, IP addresses and threat vectors. It will also send emails to simulate advanced phishing and spear phishing campaigns.

The RedSpy365 process is outlined below and leads to alerts and notifications sent to SyCom’s security team for pre-determined and agreed-upon action steps. These escalations from automated bots to SyCom’s certified pen testers, some of the industry’s leading experts, offer the potential to find the threat before it’s exploitable and before your organization has been compromised.

Continuous Penetration Testing - How It Works


Stages in Continuous Penetration Testing

New and advanced methods of testing are being employed to help organizations maintain a constant tactical view.


Phase 1: Discovery
Analysis · Footprint · Identify

Phase 2: Services
Ping · Map · Scan

Phase 3: Enumeration
Extract · Collect · Intrusive

Phase 4: Application Layer Testing
Manual · Depth · Blind

Phase 5: Exploit
Attack · Penetrate · Compromise