What is Penetration Testing as a Service (PTaaS)?
Penetration tests have become an indispensable part of IT security. As a rule, they are carried out every year to protect against hackers and their consequences. However, for corporations and companies that are active in software or product development, a pentest that is performed once a year is not enough.
Our solution to this need is a penetration test as a contract model called "Pentest as a Service". The "Pentest as a Service" offering allows penetration tests to be scheduled and individually tailored to the company, for example on a monthly or quarterly basis as required.
This service model is for you if you meet any of the following:
So what, in brief, are the differences between classic penetration testing and the "Pentest as a Service" contract model?
For each regular penetration test, you need about 1/4 - 1/3 of the project time for organization (project management) and the creation of documentation for a proper (legally correct) execution. We reduce this time and financial overhead considerably with the Pentest as a Service model, as we can perform a test phase recurrently in an agreed period of time.
Through these regular checks, you improve your IT and create optimized time and priority management through assigned work packages for internal implementation. We would like to explain further differences in the following table.
Criterion | Classic penetration test | Pentest as a Service
Test area | Fixed | Dynamically expandable
Results (findings) | Total at end | Reported at any time
Status report | One time | Agile
Cooperation | 2-8 weeks | 6-12 months
In KRITIS (critical infrastructure) environments, a framework contract often regulates which systems are to be tested on site and when.
Please talk to us about this, as there are no blanket solutions.
We will work with you to develop a model that suits you, free of charge of course; anything else would simply be frivolous.
We agree on the exact requirements in a free appointment with you. In a kick-off meeting, we will then define test periods (what should be tested when and in which cycles) and configure a remote gateway in your network.
For security reasons, the gateway should only ever be switched on when testing is required. Even though the "Penetrator Box", as we call it, meets the highest standards (BSI Grundschutz, ISO 27001), we know all too well that there are always residual risks. If the data is too sensitive, we also offer the classic on-site model (penetration tester on site).
Either way, it is a quality service that must be individually tailored. We therefore cannot give any further "insights" here, but we look forward to getting to know you personally and showing you how the model can help you.