Platform
What is Pentest as a Service (PTaaS)?
Le Pentest as a Service fournit un pentest en temps réel et en continu des applications et des infrastructures, traditionnellement effectué par des humains une fois par an. Il fonctionne avec une combinaison d'hyper automatisation et d'humains pour augmenter la réactivité et l'efficacité.
Pour les actifs exposés à l'Internet (orientés vers l'extérieur), le Pentest as a Service est parfois appelé Continuous Automated Red Teaming (CART).
Why Pentest as a Service (PTaaS)?
Attackers scan Internet to find weak assets and exploit them. At least, you must be able to do the same on your assets.
Pentesting is crucial in cybersecurity and mandatory in several compliance standards, but traditional pentesting can process continuously or would be too expensive. Pentest as a Service (PTaaS) allows continuous testing and real-time alerting.
“Pentest as a Service (PTaaS) is new on the market but was anticipated by Patrowl and Gartner since 2019:
Continuous security posture assessment can help security and risk management leaders discover gaps in their defense
Continuous exposure assessments help them discover gaps in their business knowledge”
Gartner – How to Respond to the 2019 Threat Landscape
Patrowl’s Pentest as a Service (PTaaS)
With Patrowl’s PTaaS you can continuously evaluate the risk of your Internet exposed (external facing) assets.
It allows you to:
Offensively continuously check your external-facing assets
Optimize your costs by mixing hyperautomatization and human pentest
Get a pragmatic action plan
Get prioritized and contextualized recommandations
You can also confirm the ownership of your asset and discover: unmanaged assets (Shadow IT), Phishing websites mimicking your corporate visual identity, Counterfeiting web site...
