Chicago based Trustwave, a provider of security and compliance solutions, today released a tool that provides its enterprise clients the ability to manage all forms of penetration tests in real-time, and be presented with live, detailed test results and recommendations. With the results gathered from penetration tests, the generically named PenTest Manager displays rich media demonstrations including image slideshows and screen capture videos displaying how vulnerabilities can be exploited.
PenTest Manager provides users with at-a-glance views of projects, test status and findings to manage application, network, physical and wireless penetration tests, performed by Trustwave’s security team, SpiderLabs. Having visual proof of exploitation proves to be valuable in showing executives and security staff the true impact of vulnerabilities. TrustWave claims that no other testing team allows clients to “look over the shoulder” of an ethical hacker in this manner as they expose weaknesses in critical systems.
“Rather than tracking findings in the typical PDF reports and spreadsheets, we give customers one centralized database to manage their vulnerabilities,” said Robert J. McCullen, chairman and CEO of Trustwave. “The way PenTest Manager delivers evidence provides real business value that solves a CISO’s problems while reducing costs with a portal-based management interface, which is what customers really need in their security solutions.”
Penetration Testing, also referred to ethical hacking, helps ensure proper security controls are in place to protect an organization from attack by cyber criminals hoping to steal valuable information and cause business disruption.
To ensure that application vulnerabilities don’t leave gaping holes for intruders, virtual patches for Web Application Firewalls (WAF) are custom-built by SpiderLabs, specific to each exploitable vulnerability. This minimizes the vulnerability of applications as developers fix the underlying software issues.
“The nature of the PenTest Manager encourages collaboration between the CISO and the testers, which can end up leading to more penetration testing requests rather than fewer,” said Wendy Nather, senior analyst, Enterprise Security Practice, The 451 Group. “By consolidating testing details, findings, mitigation and remediation tasks across multiple layers, a product like this can enrich the ongoing conversation between an MSSP and its clients.”
