What is Pentest as a Service (PTaaS)?
Pentest as a Service provides real time and continuous application and infrastructure pentesting, traditionally performed by humans once a year. It works with a combination of hyperautomation and humans to increase the reactivity and efficiency.
For Internet exposed (external facing) assets Pentest as a Service is sometimes called Continuous Automated Red Teaming (CART).
Why Pentest as a Service (PTaaS)?
Attackers scan Internet to find weak assets and exploit them. At least, you must be able to do the same on your assets.
Pentesting is crucial in cybersecurity and mandatory in several compliance standards, but traditional pentesting can process continuously or would be too expensive. Pentest as a Service (PTaaS) allows continuous testing and real-time alerting.
“Pentest as a Service (PTaaS) is new on the market but was anticipated by Patrowl and Gartner since 2019:
- Continuous security posture assessment can help security and risk management leaders discover gaps in their defense
- Continuous exposure assessments help them discover gaps in their business knowledge”
Gartner – How to Respond to the 2019 Threat Landscape
Patrowl’s Pentest as a Service (PTaaS)
With Patrowl’s PTaaS you can continuously evaluate the risk of your Internet exposed (external facing) assets.
It allows you to:
- Offensively continuously check your external-facing assets
- Optimize your costs by mixing hyperautomatization and human pentest
- Get a pragmatic action plan
- Get prioritized and contextualized recommandations
You can also confirm the ownership of your asset and discover: unmanaged assets (Shadow IT), Phishing websites mimicking your corporate visual identity, Counterfeiting web site...
How it differs from existing?
There is no solution that allows you to go as far as Pentest as a Service (PTaaS): not limited by the scope and continuously.