Safeguard the organization’s IT infrastructure continuously over time
Many organizations have extensive IT infrastructure. This means that some parts are rarely, if ever, penetration tested. In order to ensure an acceptable minimum level of security within your organization, therefore, it is recommended to test these parts continuously in order to identify vulnerabilities and as a complement to deep penetration tests that are often performed on individual applications or systems.
Continuous Delivery Pentesting (CDP) uses a combination of external and internal vulnerability scans, manual and semi-automated penetration testing activities, as well as public and non-public sources of Threat Intelligence. Together, the various components mean that the IT infrastructure can be tested as realistically as possible.
Identify appropriate priorities for corrective action
The aim of CDP is to provide you with a clear and continually updated impression of your security vulnerabilities, which will then be updated as vulnerabilities are resolved and new vulnerabilities arise. It also identifies which vulnerabilities are critical and therefore need to be prioritized. There are several benefits, including:
- A short response time from when a vulnerability is detected until you receive feedback with recommendations for action
- ”Unprioritized” parts of the IT infrastructure are reviewed, as they could otherwise have allowed an attacker to gain a foothold within the organization
- A continuous flow of prioritized action proposals is provided in order to continuously raise the threshold for an attacker
- ”Periodic summaries are provided, including a clear Progress Report with KPIs
- The right perspective – the same perspective and attack area encountered by real attackers
Based on cutting-edge technology deployed by leading experts
Cutting-edge CDP technology is used. The work is directed and quality-assured by some of the country’s foremost technical experts in the field of IT security. The service includes:
- Continuous vulnerability scans employing multiple tools
- Continuous validation of the results from the vulnerability scans
- Continuous penetration tests based on the results of automated scanning
- Continuous correlation of the results from diverse parts of IT infrastructure
- Identification of escalation paths from different authorisation levels from a comprehensive perspective
The service can be tailored to suit the customer’s needs regarding coverage, test depth, reporting channels and reporting frequency.
Sentor has the necessary technical expertise
Our Technical and Information Security Department has over 100 years of combined professional experience in penetration testing. Our service for continuous security tests is based on input from our technical security experts and has been developed in collaboration with customers at the forefront in the field of security.