• Don't guess. Test.

    Trustwave Managed Security Testing reveals your vulnerabilities and alerts you to the consequences of exploitation. Data security teams need to know what they’re protecting and what they’re protecting it from to make good risk management decisions and technology investments. Security testing helps businesses identify their network-connected assets, learn how those assets are vulnerable to attack, and understand what could happen if those assets were compromised.

    Businesses use Trustwave Managed Security Testing as a single platform for all of their managed vulnerability assessment, database security testing, network penetration testing, and application penetration testing needs.


    A penetration test or "ethical hack" evaluates an application's or network's ability to withstand attack. During a penetration test, you authorize an expert (or "ethical hacker") armed with the same techniques as today's cybercriminals to hack into your network or application. Such an exercise will open your eyes to vulnerabilities you didn't know existed and the effects of exploitation.


    Vulnerability scanning evaluates a system for potential vulnerabilities or weak configurations; it is largely automated and can only ever find a subset of security issues. Penetration testing, on the other hand, is a manual process performed by a human. A penetration tester will use tools as a part of their work, but they apply their human ingenuity to exploit vulnerabilities and illustrate what an attacker might be capable of when targeting a particular system.


  • The right security test at the right time through one vendor without the hassle.

  • Managed Security Testing from Trustwave SpiderLabs® allows IT and information security teams to take a programmatic approach to vulnerability management through managed vulnerability scanning across databases, networks and applications, as well as in-depth manual penetration testing of networks and applications.

    Now more than ever, businesses realize the need for proactive security testing, and budgets are increasing as a result. Still, planning for and procuring security testing presents a number of challenges:

    • Anticipating future testing needs
    • Conducting testing in a timely manner
    • Making testing an efficient, business-as-usual initiative rather than an obstacle
    • Getting high quality testing across multiple asset types
    • Standardizing repeatable testing/reporting across asset types
    • Fulfilling compliance requirements
    • Effectively managing multiple tests, and re-testing, over the course of the year

  • Managed Security Testing menu of services


    Managed Scanning

    Penetration Testing



    Compliance Scanning

    Best Practices Scanning

    As discovered in penetration testing



    Best Practices Scanning

    Internal Network
    • Basic
    • Opportunistic
    • Targeted
    • Advanced
      includes password analysis
    External Network
    • Basic
    • Opportunistic
    • Targeted
      includes limited phishing exercise
    • Advanced
      includes social engineering exercise
    + 4 maintenance tests with each


    Compliance Scanning

    Best Practices Scanning

    • Basic
    • Opportunistic
    • Targeted
    • Advanced
    + 4 maintenance tests with each
  • Four levels of testing

    Trustwave SpiderLabs designed four levels of penetration testing to align with four levels of threats to your network. Depending on your budget and the business value you assign to the assets you intend to test, you will choose one of the following levels of testing for applications or internal or external networks:

    Basic Threat

    Simulates the most common attacks executed in the wild today. This class of attacker typically uses freely-available, automated attack tools.

    Opportunistic Threat

    Builds upon the basic threat and simulates an opportunistic attack executed by a skilled attacker that does not spend an extensive amount of time executing highly sophisticated attacks. This type of attacker seeks easy targets ("low-hanging fruit") and will use a mix of automated tools and manual exploitation to penetrate their targets.

    Targeted Threat

    Simulates a targeted attack executed by a skilled, patient attacker that has targeted a specific organization. This class of attacker will expend significant resources and effort trying to compromise an organization's systems.

    Advanced Threat

    Simulates an advanced attack executed by a highly motivated, well-funded and extremely sophisticated attacker who will exhaust all options for compromise before relenting.


    • Keep pace with business demands

      Data security leaders know that if security is an obstacle, the business will find ways around it. Trustwave's 2014 Security Pressures Report states that four out of five IT professionals report being pressured to roll out IT projects despite security concerns. Adapt quickly to change and keep up with business demands without leaving security considerations behind. Managed Security Testing's flex-spend model allows you to earmark budget for testing, and then consume testing funds at a moment's notice.

    • Make budget planning easier and operationalize testing costs

      Many IT security professionals know that they will need security testing throughout the year, but not exactly how much. Managed Security Testing's pre-scoped scans and tests, cost transparency and flex-spend consumption model make planning easier and more precise. You define your security budget and then allocate it as you see fit. With quarterly payments, penetration testing becomes a predictable operating expense that can be built into your budgets.

    • Get testing right when you need it, minus the hassle

      Avoid lengthy negotiations and contracts held up in legal with Managed Security Testing's flex-spend model. Enroll a target in testing in minutes and schedule a test with just two weeks' lead time in fewer than five clicks.

    • Re-test and validate fixes at no extra cost

      Maintenance tests included with any penetration test will re-evaluate findings, wherever possible, to provide evidence of remediation and mitigation actions and support fulfillment of compliance requirements.

    • Standardize scalable, repeatable scanning and testing

      You'll know exactly what to expect from Managed Security Testing across your databases, networks and applications with clear pricing and pre-defined scoping. Consolidate management and reporting with a single pane of glass, rather than juggling multiple inconsistent report formats and tracking spreadsheets.

    • Establish or maintain compliance

      Standards, such as the PCI DSS, require vulnerability scanning and penetration testing of in-scope network environments and applications. Managed Security Testing helps fulfill PCI DSS requirements, such as 6.6 and 11.3, and provides ongoing evaluation of the security of your networks or applications to support HIPAA, Sarbanes-Oxley (SOX), FISMA and GLBA/FFIEC compliance efforts.

How It Works

  • You identify your testing budget and allocate it as you see fit. Your account balance depletes with each database, network or application you enroll, and you can refill your account at any time.

    1. An initial balance is credited to your account
    2. You enroll a database, network or application target and choose the level of testing
    3. Your account balance is debited according to predefined pricing
    4. You schedule your tests for the enrolled network or application
    5. A SpiderLabs expert conducts the test
    6. Dynamic reporting is made available in the portal
    7. You view and manage reporting within the portal
    8. If desired, you then schedule maintenance testing to re-evaluate findings where possible

  • Trustwave's online reporting portal delivers real-time access to detailed, actionable results. Unlike static reports, the portal makes it easy to take action on your information, track results, manage progress and remediate vulnerabilities from a single source.


  • Attack Sequences

    Illustrates how multiple vulnerabilities can be linked to execute a successful attack.

    Detailed Findings

    Discover vulnerability evidence, images and videos. Slideshow walkthroughs quickly explain vulnerabilities to key team members.

    Real-Time Notifications

    Stay on top of the latest changes in test status with instant email alerts.

    Online Reporting and Metrics

    Take advantage of multiple views of risk, remediation status, compromised data and status, across projects or tests. Historical views of test results allow for trend analysis and insight into your organization's security posture over time. Review personalized reports by risk, finding status, projects, custom fields, individual tests, and test types, and export in multiple formats including: PDF, Excel, XML, CSV and HTML.

    Centralized Dashboard

    Drills down to at-a-glance views of project, test status and vulnerability findings.

    Fresh Results

    Verify security fixes have been correctly implemented with maintenance tests that re-evaluate any findings uncovered in prior tests where possible.

    Document Locker

    Delivers secure file storage for the safe exchange of test notes, documents and other files.

