We’re excited to announce that NetSPI was named as a key Penetration Testing as a Service (PTaaS) vendor in Gartner’s Hype Cycle for Security Operations, 2021. At NetSPI, our unique approach to PTaaS allows us to deliver a more specialized offering to customers than our peers in the space.

In the report, PTaaS was named an Innovation Trigger, with the technology-enabled service categorized as a “breakthrough” that “generates significant media and industry interest.” This report comes at a pivotal time where more organizations are beginning to understand the importance penetration testing plays in their overall cybersecurity strategy. For organizations looking at PTaaS solutions, it can be difficult to assess which solutions fit which needs, and what factors require careful consideration. Fortunately, Gartner’s report (in tandem with this article) can help business leaders and security practitioners better understand the PTaaS market and what the right solution can do for their organizations.

PTaaS refers to enterprise security testing that is delivered through a technology platform. This tech-enabled approach combines traditional manual penetration testing techniques and the use of advanced technologies to detect vulnerabilities more efficiently and effectively, while delivering a modern, SaaS-like experience to end users. With costly cyber-attacks increasing in prevalence, the importance of understanding and addressing cyber risk is greater than ever, making PTaaS a core component of enterprise attack surface management.

According to Gartner’s hype cycle analysis, PTaaS offers many benefits, providing “point-in-time and continuous application and infrastructure pentesting services which traditionally relied on human pentesters using commercial/proprietary tools.” While penetration testing services themselves aren’t new, it is only recently that the industry has begun enabling penetration testing through software-as-a-service (SaaS) platforms.

Gartner lists the following as the top PTaaS penetration testing delivery model benefits:

- Workflow automation via tool integrations (DevOps, ticket management).
- Access to a large pool of testers with specific subject-matter expertise

Bug Bounty vs.

Just like all security testing approaches are not equal, all PTaaS providers aren’t equal either. When you look at the security testing industry as a whole, we see 3 primary ways to leverage a third party for penetration testing from a manual perspective:

Many large programs will run a combination of testing from multiple sources. It is typical to see an enterprise use their internal testing team, bug bounty programs, and external/third party pentesting providers. This is where understanding the difference between PTaaS solutions and traditional penetration testing becomes important.

NetSPI is the only PTaaS provider rooted in traditional penetration testing. But because we are technology-driven, our customers receive all the PTaaS benefits Gartner identified that other traditional testing firms cannot offer. Most PTaaS providers are technology-driven, like NetSPI, but leverage a talent pool that consists of independent contractors (often “security researchers”), versus NetSPI which leverages vetted full-time employees.

Let’s put aside the fact that it is difficult to validate the motives and ethics of your pentesting team when they are not vetted as thoroughly as full-time employees are. The biggest challenge with bug bounty PTaaS programs is that service, quality, project management, and other key methodology factors often lack consistency.