Initial External and Internal Test
Social Engineering Training
Continuous Penetration Testing
Private Portal - Internal and External
Penetration Test Reports On-Demand
Custom Phishing Campaign with Training
Access to Analysts with a 4-Hour Service Level Agreement
How It Works
RedSpy365 starts by performing an initial, external penetration test against an organization. The results are returned to the organization with specific recommendations for remediation, either by your IT security team or RedSpy365 engineers.
Conclusions from the initial test are fed back to the Redspy365 security team who can assist with remediation. Conclusions are also fed into our 24-hour Network Operation Center (NOC) where a botnet, attack pods, and advanced client-side attacks are created specifically for your organization. This establishes the foundation upon which the Continuous Penetration Testing tools begin to automatically scan IP addresses and receive input from various devices every day. The portal’s tools identify changes in web application security postures as well as new ports, IP addresses, and threat vectors – in real-time. It is also the aggregate point for emails that simulate advanced phishing and spear phishing campaigns.
The RedSpy365 process is outlined below and leads to alerts and notifications sent to the RedSpy365 Security Team for pre-determined and agreed-upon action steps. These escalations from automated bots to the RedSpy365 certified penetration testers—some of the industry’s leading experts—form the basis for uncovering threats before they can be exploited, preventing your organization from being compromised.
Stages in Continuous Penetration Testing
A hybrid method of penetration testing includes automated bots to uncover security gaps and human analysts who can interpret vulnerabilities and analyze exploitations.
Early risk and impact identification is the key to remediation before being exploited by hackers.
A Managed Service – customers can receive alerts on all events or only on specific events.
Uses best-of-breed industry software, increasing the likelihood of uncovering risks, and reducing false positives, enabling the most effective reporting.
Trained experts who interpret identified risks to evaluate potential impact, with recommendations for mitigation.
Reporting on demand – a continuously updated penetration test report that can be printed off for any time for any compliance questions. Likely attack path algorithms to identify where attackers may probe weak areas of security.
RedSpy 365 takes on the burden of staffing, providing top security engineers who possess the highest security certifications and average 13+ years of industry experience.
Phishing attacks that can be tailored with specific goals of determining if whether organization would be exposed if someone clicked on a hacker’s link.
Combines all forms of penetration testing – web application, external, internal and social engineering for complete coverage.