What is Pentest as a Service (PTaaS) ?
Pentest as a Service (PTaaS) provides realtime and continuous application and infrastructure pentesting, traditionally performed by humans once a year. It works with a combination of hyper automation and humans to increase the reactivity and efficiency.
For internet exposed (external facing) assets Pentest as a Service (PTaaS) is sometimes called Continuous Automated Red Teaming (CART).
Why Pentest as a Service (PTaaS) ?
Attacker scan internet to find weak assets and exploit them. At least, you must be able to do the same on your assets.
Pentesting is crucial in cybersecurity and mandatory in several compliance standards, but traditional pentesting can process continuously or would be too expensive. Pentest as a Service (PTaaS) allows continuous testing and real-time alerting.
“Pentest as a Service (PTaaS) is new on the market but was anticipated by Patrowl and Gartner since 2019:
- Continuous security posture assessment can help security and risk management leaders discover gaps in their defense
- Continuous exposure assessments help them discover gaps in their business knowledge”
Gartner – How to Respond to the 2019 Threat Landscape
Patrowl’s Pentest as a Service (PTaaS)
With Patrowl’s PTaaS you can continuously evaluate the risk of your internet exposed (external facing) assets.
It allows you to:
- Offensively check continuously your external-facing assets
- Optimize your cost by mixing hyper automatization and human pentest
- Get a pragmatic action plan
- Get prioritized and contextualized recommandations
You can also confirm the ownership of your asset and discover unmanaged assets, Shadow IT, Phishing website mimicking your corporate visual identity, Counterfeiting e-market…
How it differs from existing ?
There is no solution that allows you to go as far as Pentest as a Service (PTaaS): not limited by the scope and continuously.