Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Trustwave Launches Value-Driven Enterprise Pen Testing Offering

Trustwave has enhanced its pen testing offering to now include a high-quality, cost-effective offering to larger organizations. This new Enterprise Pen Testing (EPT) offering is designed to meet the complex testing needs of these organizations with an extensive breadth and depth of vulnerability identification, ability to deliver scaled programs of work, at an extremely competitive price point.

The world-class analysts, threat hunters, and researchers at Trustwave SpiderLabs supports EPT clients with a mix of onshore, nearshore, and offshore pen testers, testing within a CREST-certified methodology and providing high-quality testing in a flexible and cost-effective manner. Furthermore, the EPT service is augmented with a local Technical Account Manager (TAM) who ensures clients receive the most value from their testing investment.

“With over two decades of global industry leadership in vulnerability research and findings, we thoroughly understand the threat landscape of known, unknown, and emerging threats,” said Nick Ellsmore, SVP of Worldwide Consulting and Professional Services at Trustwave. “Our proven methodologies, performed in accordance with industry standards, allow us to find even the most difficult vulnerabilities and provide a world-class testing solution to global enterprises.”

Trustwave has developed targeted and comprehensive testing programs to achieve client’s testing objectives on an ad hoc basis or as part of a long-term testing program. While ad-hoc testing can deliver valuable point-in-time insights, having a pre-established security testing program provides a more holistic view of enterprise risk over time. Additionally, with a dedicated TAM, clients have an expert guide to review findings, develop remediation plans, and manage continuous validation testing.

All EPT encounters deliver a report containing actionable roadmaps for remediation to address gaps, implement patches, and mature your organization’s security.

Meeting Compliance and Regulatory Requirements

Trustwave understands that every organization has a unique mix of regulatory and cybersecurity frameworks as well as a mandate to protect customer and user data.

With clients in multiple industry sectors and located worldwide, Trustwave develops testing programs to meet multiple compliance requirements, such as PCI DSS, CPS234, and MAS cybersecurity regulations.

Trustwave Enterprise Penetration Testing

Trustwave’s EPT offering is a multifaceted approach that not only checks systems for vulnerabilities but can help train security and IT staff to properly defend their organization.

Trustwave offers Vulnerability Management Services to examine a client’s environment to identify gaps within a security program and technology stack. There is no license cost for this service, a fixed price model is available based on weekly, monthly, or quarterly scanning., Scheduling is flexible and designed to meet the client’s needs, and all of this is conducted remotely saving additional costs.

The results of all testing are presented in Trustwave Fusion, a cloud-based cybersecurity platform that serves as the foundation for most Trustwave offerings. The Trustwave Fusion platform is purpose built to meet the enterprise where they are today in their operations and in the future as they embrace digital transformation and contend with a continuously evolving security landscape.

Red and Purple Team Testing as an Option

Clients can opt to upgrade their EPT package to gain insight into their organization’s ability to defend itself with Red and Purple Team testing. Too often, an organization's first mistake is not testing its people, policies, procedures, and systems in a real-world scenario.

This is where Red and Purple team testing comes into play.

A Red Team engagement is a laser-focused cybersecurity engagement designed to make an organization's nightmare come to life in a simulated attack. Rather than focusing solely on the technical controls, Red Teams aim to find flaws in people, processes, and technology. The business will provide a set of goals to the Red Team and the entire operation is built around accomplishing those goals without being detected.

A Purple Team exercise is essentially a controlled scrimmage during which a Trustwave team manipulates the situation to place the defenders in the worst position possible. By having someone from the client help direct the attack, we can give the client a taste of what is to come during the Red Team exercise or in a real-life attack.

At Trustwave, we use a Purple Team as a teaching opportunity more than an adversarial engagement. For example, we often have the client pick a particular tactic from the MITRE Attack Framework, begin a controlled attack, and walk them through what we are doing and how they should respond.

CREST Certification

Finally, all of these services are conducted under the umbrella of several CREST certifications. Trustwave is accredited by the internationally-recognized professional certification board CREST in several key areas tied to its EPT offering. Trustwave is uniquely positioned with multiple CREST accreditations across Vulnerability Assessment (VA), Intelligence-Led Penetration Testing (STAR), Penetration Testing (PEN TEST), and STAR-FS Intelligence-Led Penetration Testing.

Trustwave’s global CREST membership proves to clients we are invested in training and ensuring that our staff are keeping up-to-date with the very latest tools, tactics and procedures.

19167_pen-testing

 

Latest Trustwave Blogs

Email Security Must Remain a Priority in the Wake of the LabHost Takedown and BEC Operator’s Conviction

Two positive steps were taken last month to limit the damage caused by phishing and Business Email Compromise (BEC) attacks when a joint action by UK and EU law enforcement agencies compromised the...

Read More

Defining the Threat Created by the Convergence of IT and OT in Critical Infrastructure

Critical infrastructure facilities operated by the private and public sectors face a complex and continuously growing web of security threats that are compounded by the increasing convergence of...

Read More

Behind the MDR Curtain: The Importance of Original Threat Research

Searching for a quality-managed detection and response (MDR) service provider can be daunting, with dozens of vendors to choose from. However, in its 2023 Gartner® Market Guide for Managed Detection...

Read More