What is Pentest as a Service (PTaaS)?
Penetration tests are now an integral part of IT security. Many companies and organizations carry them out once a year to get an up-to-date picture of their cyber resilience against current threats. For corporations and companies that are active in software or product development, however, an annual review is not enough.
Our solution in these cases: the “Pentest as a Service” contract model. This enables penetration tests to be carried out on a schedule individually tailored to the company, for example monthly or quarterly as required.
This service model is aimed at you if your company meets one of the following points:
So what are the distinctions between the classic penetration test and the “Pentest as a Service” contract model?
In a regular penetration test, the time and financial overhead of a proper (legally correct) execution takes up approximately XNUMX/XNUMX to XNUMX/XNUMX of the project time for organization (project management) and documentation. We significantly reduce this overhead with the PaaS model by conducting test phases at regular intervals within an agreed-upon timeframe.
Through these regular assessments, you enhance your IT and create optimized time and priority management by assigning tasks for internal implementation. We would like to explain further differences to you in the following table:
Criterion | Classic penetration test | Pentest as a Service
Test area | Fixed | Dynamically expandable
Findings | Total at the end | Named at any time
Status report | Single | Agile
Collaboration | 2-8 weeks | 6-12 months
In the KRITIS area, PaaS is often a framework agreement that regulates which systems should be tested on site and when.
Please contact us here, as there are no one-size-fits-all solutions.
We will work with you to develop a model that suits your protection needs. This advance advice is of course free of charge; anything else would simply be dubious.
We will discuss your exact needs with you in a free appointment. At a kick-off appointment, we then define test periods (what should be tested, when, how, and in which cycles) and configure a remote gateway in your network.
For safety reasons, this gateway should only be switched on when testing is to be carried out. Even if our "Penetrator Box" meets the highest standards (BSI basic protection, ISO 27001), we know all too well that there are always residual risks. If the data in your systems is too sensitive for this model, we also offer classic on-site models (penetration tester on site).
Either way – it is a quality service that must be individual. Therefore, we cannot provide any further insights from this point onwards, but we look forward to meeting you in person for more details.