Continuous Security Testing

No longer are you bound by the limitations of an Annual Penetration Test, receiving only a snapshot-in-time view of your organization’s cyber security posture.

TrollEye Security has developed an ongoing Pen Test as a Service offering that integrates directly into your organization’s infrastructure and cloud services.

By integrating into cloud and on-premise technologies, we achieve more accurate host discovery and cross-correlation using address translation and virtual IP data. As soon as cyber security findings are discovered and opened, you are notified and can take immediate action to resolve them.



Pen Test as a Service Score Card

Network Security

Ongoing network security testing uncovers exploitable vulnerabilities such as open access points, insecure or misconfigured SSL certificates, database vulnerabilities, and security holes that can stem from the lack of proper security measures such as network segmentation.

DNS Health

DNS Health measures multiple DNS configuration settings, such as WHOIS configurations as well as the presence of recommended configurations such as DNSSEC, SPF, DKIM, and DMARC.

Leaked Sensitive Information

Regular open-source intelligence gathering can identify sensitive information exposed as part of a data breach or leak, in keylogger dumps, Pastebin dumps, database dumps, and other information repositories.

Patching Cadence

Measures how diligently your organization patches its operating systems, services, applications, software, and hardware in a timely manner.

Endpoint Security

Endpoint cyber security refers to the protection of an organization’s laptops, desktops, mobile devices, and all employee devices that access the company’s network.

IP Reputation

An overall assessment of an organization’s IP Reputation.

Web Application Security

Continuous SAST and DAST find vulnerabilities that include Cross-site Scripting (XSS), SQL injection attacks, and CORS misconfigurations.

Limitations of Annual Penetration Testing

Required by compliance frameworks such as PCI, SOC1/SOC2, and HITRUST, annual penetration testing is only a snapshot-in-time view and is outdated in a short time frame.

  • Snapshot-in-time view; outdated within days.
  • Final reports take weeks to receive after the engagement ends.
  • Without partnership, the results may not be relevant to your organization.
  • A two- or three-week engagement per year is not enough time to fully understand the impact of vulnerabilities found in your environment.
  • Extra costs due to re-testing.
  • Inability to manage vulnerabilities or accept risk.
  • Poor visibility after the engagement completes.
 

You know what we know when we know it.

Pen Test as a Service:

  • Instant Visibility
  • Continuous Open Source Intelligence (OSINT)
  • Dynamic (DAST), Static (SAST), and Manual Application Security Testing
  • Ongoing Network Vulnerability Scanning and Penetration Testing
  • Infrastructure and application vulnerabilities, on-premise and cloud
  • Score Card
  • Compliance audit trail
  • Host discovery via infrastructure integration
  • All IT stakeholders and IT staff can have a Command Center account
  • Open findings are immediately available for mitigation re-testing or IT risk acceptance
