Trustwave has enhanced its pen testing offering to now include a high-quality, cost-effective offering to larger organizations. This new Enterprise Pen Testing (EPT) offering is designed to meet the complex testing needs of these organizations with an extensive breadth and depth of vulnerability identification, ability to deliver scaled programs of work, at an extremely competitive price point.
The world-class analysts, threat hunters, and researchers at Trustwave SpiderLabs supports EPT clients with a mix of onshore, nearshore, and offshore pen testers, testing within a CREST-certified methodology and providing high-quality testing in a flexible and cost-effective manner. Furthermore, the EPT service is augmented with a local Technical Account Manager (TAM) who ensures clients receive the most value from their testing investment.
“With over two decades of global industry leadership in vulnerability research and findings, we thoroughly understand the threat landscape of known, unknown, and emerging threats,” said Nick Ellsmore, SVP of Worldwide Consulting and Professional Services at Trustwave. “Our proven methodologies, performed in accordance with industry standards, allow us to find even the most difficult vulnerabilities and provide a world-class testing solution to global enterprises.”
Trustwave has developed targeted and comprehensive testing programs to achieve client’s testing objectives on an ad hoc basis or as part of a long-term testing program. While ad-hoc testing can deliver valuable point-in-time insights, having a pre-established security testing program provides a more holistic view of enterprise risk over time. Additionally, with a dedicated TAM, clients have an expert guide to review findings, develop remediation plans, and manage continuous validation testing.
All EPT encounters deliver a report containing actionable roadmaps for remediation to address gaps, implement patches, and mature your organization’s security.
Meeting Compliance and Regulatory Requirements
Trustwave understands that every organization has a unique mix of regulatory and cybersecurity frameworks as well as a mandate to protect customer and user data.
With clients in multiple industry sectors and located worldwide, Trustwave develops testing programs to meet multiple compliance requirements, such as PCI DSS, CPS234, and MAS cybersecurity regulations.
Trustwave Enterprise Penetration Testing
Trustwave’s EPT offering is a multifaceted approach that not only checks systems for vulnerabilities but can help train security and IT staff to properly defend their organization.
Trustwave offers Vulnerability Management Services to examine a client’s environment to identify gaps within a security program and technology stack. There is no license cost for this service, a fixed price model is available based on weekly, monthly, or quarterly scanning., Scheduling is flexible and designed to meet the client’s needs, and all of this is conducted remotely saving additional costs.
The results of all testing are presented in Trustwave Fusion, a cloud-based cybersecurity platform that serves as the foundation for most Trustwave offerings. The Trustwave Fusion platform is purpose built to meet the enterprise where they are today in their operations and in the future as they embrace digital transformation and contend with a continuously evolving security landscape.
Red and Purple Team Testing as an Option
Clients can opt to upgrade their EPT package to gain insight into their organization’s ability to defend itself with Red and Purple Team testing. Too often, an organization's first mistake is not testing its people, policies, procedures, and systems in a real-world scenario.
This is where Red and Purple team testing comes into play.
A Red Team engagement is a laser-focused cybersecurity engagement designed to make an organization's nightmare come to life in a simulated attack. Rather than focusing solely on the technical controls, Red Teams aim to find flaws in people, processes, and technology. The business will provide a set of goals to the Red Team and the entire operation is built around accomplishing those goals without being detected.
A Purple Team exercise is essentially a controlled scrimmage during which a Trustwave team manipulates the situation to place the defenders in the worst position possible. By having someone from the client help direct the attack, we can give the client a taste of what is to come during the Red Team exercise or in a real-life attack.
At Trustwave, we use a Purple Team as a teaching opportunity more than an adversarial engagement. For example, we often have the client pick a particular tactic from the MITRE Attack Framework, begin a controlled attack, and walk them through what we are doing and how they should respond.
Finally, all of these services are conducted under the umbrella of several CREST certifications. Trustwave is accredited by the internationally-recognized professional certification board CREST in several key areas tied to its EPT offering. Trustwave is uniquely positioned with multiple CREST accreditations across Vulnerability Assessment (VA), Intelligence-Led Penetration Testing (STAR), Penetration Testing (PEN TEST), and STAR-FS Intelligence-Led Penetration Testing.
Trustwave’s global CREST membership proves to clients we are invested in training and ensuring that our staff are keeping up-to-date with the very latest tools, tactics and procedures.