Continuous Penetration Testing with Lifeguard™
Lifeguard™ is the industry-first, “white glove” continuous penetration testing service that provides a continuous view of risks posed to your organization by Information Technology assets, preventing real-world attacks by identifying and communicating new vulnerabilities to relevant IT staff for remediation.
Lifeguard™ connects your IT staff directly to our professional penetration test team to remediate and validate vulnerabilities, ensuring newly identified vulnerabilities are properly remediated, drastically shrinking the amount of time an attacker has to find and exploit any given vulnerability.
Lifeguard™ is highly customized to your environment and we develop a tailored approach for each customer.
For a completely hands off approach, let us explore different areas of your network in the way a real-world attacker would. For a more targeted approach, drive us to specific areas of your network or even to specific apps and hosts.
Over a period of 2 years, we compromised one client 63 times, breaching the external perimeter and pivoting to the internal network. None of these critical risk findings were identified by a vulnerability scanner, so if the organization was relying solely on vulnerability scanners, they would have missed these exploitable vulnerabilities, leaving them ripe for exploitation by real-world attackers.
When our customers remediate a vulnerability, we conduct validation testing to ensure the vulnerability has been successfully remediated. 11% of the time when a customer thinks they fixed an issue, it is still vulnerable. In this case, we re-open the finding and hold their hands to ensure it gets remediated.
Our pen test team works directly with your system/network/app administrators and developers, eliminating security staff as a chokepoint for getting vulnerabilities remediated.
Lifeguard™ is Not Automated Penetration Testing
Every security finding in Lifeguard™ is produced by an expert penetration tester – not a tool, resulting in an accurate risk rating with no chance of a false positive. A narrative section explains the finding, how it was exploited, screenshots of the exploit sequence, and its impact. Recommendations are provided to assist IT staff with remediation.
Vulnerability remediation validation is also conducted manually, and often takes as much time as identifying the vulnerability in the first place, because we need to get it right.
Lifeguard™ Empowers Your Staff
Our customer’s Information Security staff love Lifeguard™ because they no longer have to configure, run, and analyze scanners, then look up assets in the inventory system and communicate vulnerabilities to IT staff. When Lifeguard™ is set up, IT assets are linked to relevant IT staff and security findings are communicated directly in order to eliminate the InfoSec team being a chokepoint. It’s also not the security team pointing the finger, it’s an outside pen test team, which helps keep the peace in the organization.
Customer’s Information Technologists love Lifeguard™ because we hold their hands through the vulnerability remediation process, ensuring they have correctly fixed the security issue. We don’t care how many times we have to go back and re-open a finding, or how much we have to explain how to fix the problem, we are there to ensure IT staff is successful, and we stick around until the job is done!
- Secure, interactive web portal that acts as a vulnerability management and ticketing system all in one – no user limit
- Continuous Attack Surface Management via host discovery and port scanning – our CEO Mark Wolfgang developed cutting edge host discovery techniques way back in 2002 that have since been incorporated into nmap, but we still have our own techniques
- Daily Vulnerability Scanning that feeds pen tester work flow
- Daily manual penetration testing by expert pen testers
- Daily manual vulnerability remediation validation testing by expert pen testers
- Bleeding edge CVE testing – we catalog software versions on a daily basis and cross-reference it with the latest CVEs in order to test client systems sometimes up to a week before vulnerability scanner plugins are published
- On demand report generation – filter by department or team
Pricing is dependent on the size of your network perimeter and the complexity of your organization. Please email us for a free consultation.
Lifeguard™ Free Trial
Give us 45 days to prove our value and we’ll show you what Lifeguard is all about. We’re offering free 45 day trials of qualified customers Lifeguard. Contact us via email or book a meeting with Mark Wolfgang for more information.