On-Site Appliance

In addition to the cloud-based appliance, we install an on-site appliance for internal testing.
We also give you a full development VM for you to develop your own integration.

Initial External and Internal Test

Full external and internal penetration tests as part of the onboarding process.

Social Engineering Training

Two days of on-site social engineering training in person.

Continuous Penetration Testing

Full penetration testing service
on-site and off-site.

Private Portal - Internal and External

A separate internal portal so all your internal findings remain internal to you.

On-Demand Reports

One-click download of a full penetration testing report
updated continuously.

Analyst Support

Contact us anytime. Send an email, use the IRC channel or pick up the phone to speak to a live analyst.
We love to talk.

Key Features

A hybrid method of penetration testing includes automated bots to uncover security gaps and human analysts who can interpret vulnerabilities and analyze exploitations.

Early risk and impact identification is the key to remediation before being exploited by hackers.

A Managed Service – customers can receive alerts on all events or only on specific events.

Uses best-of-breed industry software, increasing the likelihood of uncovering risks, and reducing false positives, enabling the most effective reporting.

Trained experts who interpret identified risks to evaluate potential impact, with recommendations for mitigation.

Reporting on demand – a continuously updated penetration test report that can be printed off for any time for any compliance questions. Likely attack path algorithms to identify where attackers may probe weak areas of security.

RedSpy 365 takes on the burden of staffing, providing top security engineers who possess the highest security certifications and average 13+ years of industry experience.

Phishing attacks that can be tailored with specific goals of determining if whether organization would be exposed if someone clicked on a hacker’s link.

Combines all forms of penetration testing – web application, external, internal and social engineering for complete coverage.

How It Works

RedSpy365 starts by performing an initial external Penetration Test against an organization. The results are returned to the organization with specific recommendations for remediation, either by your IT security team or RedSpy365 engineers.

Conclusions from the initial test are fed back to the RedSpy365 Security Team who can assist with remediation. Findings are also sent to our 24-hour Network Operation Center (NOC) where a botnet, attack pods, and advanced client-side attacks are created specifically for your organization. This establishes the foundation upon which the Continuous Penetration Testing tools begin to automatically scan IP addresses and receive input from various devices every day. The portal’s tools identify changes in web application security postures as well as new ports, IP addresses, and threat vectors – in real-time. It is also the aggregate point for emails that simulate advanced phishing and spear phishing campaigns.

The RedSpy365 process is outlined below and leads to alerts and notifications sent to the RedSpy365 Security Team for pre-determined and agreed-upon action steps. These escalations from automated bots to the RedSpy365 certified penetration testers—some of the industry’s leading experts—form the basis for uncovering threats before they can be exploited, preventing your organization from being compromised.

Stages in Continuous Penetration Testing

How it works