Product Team

Led by Vinay Anand, Jake Reynolds, and Cody Chamberlain, NetSPI’s Product Team drives the development and expansion of new offensive security solutions and tools. Our proven track record, firsthand expertise, and collaboration across departments create our strong reputation as the global leader in offensive security.
More by Product Team
Post published 2023-11-07 10:54:45 (ID 31415):

Phishing remains one of the most successful ways that adversaries gain access to systems. In fact, over 48 percent of emails sent in 2022 were spam, and Google blocks approximately 100 million phishing emails every day. Because of its effectiveness, threat actors constantly develop more sophisticated, less recognizable attack methods determined to trick unsuspecting employees.

Although many companies are adding new processes, technologies, and training materials to combat this, employees continue to fall victim to phishing, vishing, and other forms of social engineering attacks.

https://www.youtube.com/embed/JyXnSbE80lA

To adjust for these current market changes, NetSPI is proud to introduce our updated Social Engineering offerings, delivering the following key benefits to our customers:

  • Modernized Adversarial Approach
    Traditional methods of social engineering testing are not as effective as they once were. As threat actors have become more sophisticated, it is critical that defense strategies adapt accordingly. Through the utilization of additional testing processes and new tooling, we are able to provide attack approaches that mimic those used by real-world adversaries today. This brings a more realistic assessment of vulnerabilities and ensures that your defenses are built to stand up against both past and present attack approaches.
  • Increased Speed & Efficiency
    Every minute counts in the security world, which is why we have implemented new processes and tooling designed to streamline and accelerate testing without compromising on accuracy and quality. A test that previously took three to five days can now be completed in two to three days. This delivers actionable results faster, enabling your team to mitigate vulnerabilities, reduce risk, and boost defenses. We know time is something security professionals do not have an abundance of, and we have updated our solutions to reflect this urgency. 
  • Additional Services & Savings
    We know that cybersecurity is not a one-size-fits-all industry, and no two environments are the same. Our updated Social Engineering solutions have expanded to offer a range of price points that cater to organizations of various sizes and needs. Every company deserves top quality defense, regardless of the budget or available bandwidth.
Automated Social Engineering for the Antisocial Engineer

NetSPI’s Social Engineering Solution Offerings 

  • Email & Text Message Testing (Phishing): Security Awareness, Account Takeover, and Spearphishing Campaign  
  • Phone-Based Testing (Vishing): Policy Check and Capture the Flag  
  • Physical & On-Site Testing: On-Site Assessment, Physical Security Controls Assessment, and Full On-Site Pentesting  

If you’re looking to strengthen internal social engineering prevention practices, NetSPI is ready to help with our proven methodology. Our updated Social Engineering Solutions provide a comprehensive, modern approach to protecting your organization with a focus on current adversarial tactics, increased testing speed and efficiency, and accessible price points.  

For further information on each of our unique Social Engineering Pentesting solutions, check out our data sheet or contact us.

Social Engineering Data Sheet

This blog post is a part of our offensive security solutions update series. Stay tuned for additional innovations within Resolve (PTaaS), ASM (Attack Surface Management), and BAS (Breach and Attack Simulation).

Read past solutions update blogs: 

Title of the post above: Elevating Your Defenses with NetSPI’s Updated Social Engineering Solutions
Excerpt: Learn how NetSPI’s updates to its Social Engineering Pentesting solutions help organizations combat sophisticated phishing attempts.
Slug: offensive-security-updates-october-2023
GUID: https://www.netspi.com/?p=31415
Last modified: 2023-11-07 11:01:14

Post published 2023-10-05 10:43:26 (ID 31172):

Companies are constantly working to innovate. Updates are made to existing solutions, new solutions are launched, processes are refined, and new technologies are implemented. As these changes are made, it is normal for new threats to be introduced, and companies take on the risks and responsibilities of the new attack vectors these choices create. It is critical that companies review these threats, ideally early in the planning phase, but also as an ongoing practice throughout the product lifecycle, so that decisions are based on all the needed data.

NetSPI's new Threat Modeling service takes a holistic approach to identifying potential threats to your company's systems and applications. Leveraging a proprietary methodology developed from over 20 years of hands-on penetration testing experience, as well as other widely adopted methodologies such as STRIDE, PASTA, and more, each engagement provides a detailed technical analysis that enables stakeholders to make strategic decisions based on prioritized vulnerabilities, enumerated attack scenarios, and customized remediation recommendations through a 6-step process:

NetSPI’s 6-Step Threat Modeling Process

1. Define Security Objectives:
Establish specific security objectives for the engagement and prioritize in alignment with your company’s overall mission and risk tolerance.

2. Information Gathering:
NetSPI collects and reviews all available documentation. We also identify and interview system stakeholders such as: security personnel, developers, architects, business owners, project managers, operations staff, and more. These interviews are designed to provide information about both the architecture and context in which the system(s) function.

3. Environment Decomposition:
We build a component diagram of the most relevant deployment models and information flows between system components, then work to enumerate the system components and trust zones within the environment.

4. Threat Analysis:
Then, we develop a threat analysis based on the assets and system environment. Leveraging NetSPI’s extensive threat library, along with the client-provided information, we enumerate threats, classify severity, define attack scenarios, and identify additional security measures that can be implemented based on business risks and organizational goals.

5. Countermeasure Identification:
We produce a threat traceability matrix by enumerating actions, devices, procedures, and techniques that prevent or mitigate threats to assets and system components.

6. Reporting:
Lastly, we produce a threat traceability matrix, mapping threats and threat scenarios to their trust zones, components, assets, and controls, and providing a summary of insufficient security controls and related threats.

If you would like to learn more about our Threat Modeling solution, check out our data sheet, or contact us for a demo.

This blog post is a part of our offensive security solutions update series. Stay tuned for additional innovations within Resolve (PTaaS), ASM (Attack Surface Management), and BAS (Breach and Attack Simulation).

Read past solutions update blogs: 

Title of the post above: Strategic Security Success with NetSPI’s New Threat Modeling Solution
Excerpt: Learn how NetSPI’s updates to Penetration Testing as a Service (PTaaS), Attack Surface Management, and Breach and Attack Simulation can help you better secure your business.
Slug: offensive-security-updates-september-2023
GUID: https://www.netspi.com/?p=31172
Last modified: 2023-10-05 10:43:28

Post published 2023-09-05 09:00:00 (ID 30934):

AI/ML is being rapidly adopted into many aspects of businesses. It is transforming the way we work because of its ability to reduce the efforts and costs to complete tasks, but we are only at the beginning of this technology's potential. As the adoption and use cases continue to grow, it is critical that organizations understand the unique threats that AI/ML brings with it, identify weak spots, and build more resilient models.

https://youtu.be/qxPRFcfLG0k?si=riF9odk07Zr6Aa9R

NetSPI’s industry-leading AI/ML pentesting solution was built from decades of manual penetration testing expertise in network, application, cloud, and more, designed specifically to identify, understand, and mitigate risks of AI and ML models. This new solution allows you to improve overall resiliency to attacks and strengthen security with three unique offerings: 

  • The Machine Learning Security Assessment is designed to evaluate ML models, including Large Language Models (LLMs), against adversarial attacks, identify vulnerabilities, and provide actionable recommendations to ensure the overall safety of the model, its components, and their interactions with the surrounding environment. 
  • Our Infrastructure Security Assessment tests the infrastructure surrounding your model. This assessment covers network security, cloud security, API security, and more, ensuring that your organization’s deployment adheres to defense-in-depth security policies and mitigates potential risks.
  • And finally, the Web Application Penetration Testing offering evaluates the security and reliability of web applications utilizing LLMs and other machine learning integrations. Leveraging sophisticated manual processes and automated tools, we identify vulnerabilities and risks specific to LLM-integrated functionality, providing actionable recommendations to enhance security and safeguard sensitive data. 
https://youtu.be/kUtvRmwP1s4

If you would like to learn more about our AI/ML Pentesting, check out our data sheet, or contact us for a demo.

This blog post is a part of our offensive security solutions update series. Stay tuned for additional innovations within Resolve (PTaaS), ASM (Attack Surface Management), and BAS (Breach and Attack Simulation). 

Read past solutions update blogs: 

Title of the post above: Ignite Innovation with NetSPI’s New AI/ML Penetration Testing
Excerpt: Learn how NetSPI’s updates to Penetration Testing as a Service (PTaaS), Attack Surface Management, and Breach and Attack Simulation can help you better secure your business.
Slug: offensive-security-updates-august-2023
GUID: https://www.netspi.com/?p=30934
Last modified: 2023-09-05 09:48:54

Post published 2023-08-01 08:50:16 (ID 30711):

SaaS applications play a critical role in attack surface expansion as businesses increasingly depend on them for critical operations and data management. Many organizations, however, overlook SaaS security, assuming that the SaaS vendor will protect customer data and application usage. This leaves a major blind spot for security teams, and a prime opportunity for malicious actors around the globe. In fact, 81 percent of organizations have sensitive SaaS data exposed, according to Varonis.

NetSPI’s new SaaS Security Assessments leverage both automated and manual testing methods in accordance with industry standards like the CIS Benchmarks, with additional security checks developed from years of industry-leading application and cloud assessments. During each engagement NetSPI will uncover critical vulnerabilities and misconfigurations, provide actionable guidance for fast and thorough remediation, and ultimately improve overall SaaS security posture. 

https://youtu.be/sA7m2BZUYFI

NetSPI’s SaaS Security Assessments target two global SaaS leaders, Salesforce and Microsoft 365, with three unique solutions:  

1. Salesforce Web Application Pentest

This offering provides comprehensive insights into the security of our customers’ Salesforce web applications and integrations, with actionable recommendations to reduce business function risk. Testing is focused on data storage, integrations, authentication mechanisms, and Salesforce-hosted applications. Access to sensitive organizational data is tested in the contexts of both the intended, authenticated user of the instance as well as the unauthenticated Guest user.  

2. Salesforce Configuration Audit   

Designed to guide security posture enhancements of Salesforce instances, this offering aims to minimize potential risks and vulnerabilities that stem from the shared responsibility SaaS security model. Testing is focused on the manual and automated review of instance users and their assigned roles, Salesforce Object permissions, Apex code, setup settings, and data storage configurations. Additional review focuses on API hardening, black box scenarios, and the potential for novel attack paths.   

3. Microsoft 365 Security Assessment   

Leveraging automated scanning and manual testing methods, NetSPI uses commercial, open source, and proprietary software to assess and identify Microsoft 365 security vulnerabilities and misconfigurations. NetSPI uses five key steps to improve our customers’ M365 security:   

  • Automated Configuration Gathering  
  • Manual Configuration Gathering  
  • Configuration Analysis and Vulnerability Enumeration  
  • Vulnerability Enumeration and Manual Verification  
  • Reporting Findings 

Each of these was built to provide actionable insights into identity and access management, data management, data storage, email security, account protection, password protection, integrations, and more, with test results being delivered in real time through NetSPI’s PTaaS Platform to streamline reporting and remediation.

SaaS Security Assessment provides insights into several areas.

If you would like to learn more about our Software as a Service (SaaS) Security Assessment, check out our SaaS Security Assessment webpage, or contact us to learn more.  

This blog post is a part of our offensive security solutions update series. Stay tuned for additional innovations within Resolve (PTaaS), ASM (Attack Surface Management), and BAS (Breach and Attack Simulation). 

Read past solutions update blogs: 

Title of the post above: Introducing New Software as a Service (SaaS) Security Assessments
Excerpt: Learn how NetSPI’s new SaaS Security Assessments can help businesses secure their Salesforce and Microsoft 365 instances. Read our latest offensive security solutions update!
Slug: offensive-security-updates-july-2023
GUID: https://www.netspi.com/?p=30711
Last modified: 2023-08-01 08:50:18

Post published 2023-06-27 09:08:10 (ID 30450):

NetSPI is the global leader in offensive security, delivering the most comprehensive suite of penetration testing, attack surface management, and breach and attack simulation solutions. Through a combination of technology innovation and human ingenuity NetSPI helps organizations discover, prioritize, and remediate security vulnerabilities.  

We maintain a leadership position in the industry by listening to client feedback, analyzing industry trends, and investing in breakthrough technology developments. Over the last few months, our development teams have been busy, and are excited to introduce a variety of new features and capabilities across our Breach and Attack Simulation, Attack Surface Management, and Penetration Testing as a Service (PTaaS) solutions.

https://www.youtube.com/embed/C7Hp1bzaGuo

Breach and Attack Simulation (BAS)

Companies often spend thousands, even millions, of dollars on detective controls. However, very few validate the effectiveness of these solutions. After initial testing, NetSPI Breach and Attack Simulation (BAS) data shows that on average 80 percent of common attack behaviors are missed by traditional EDR, SIEM and MSSP out-of-the-box solutions… YIKES! 

NetSPI’s BAS is designed specifically with this use case in mind, evaluating the effectiveness of detective controls and equipping security professionals with easily digestible and actionable KPIs. The latest updates to our BAS platform include: 

  • 185 new Living Off the Land Binaries and Scripts (LOLBAS) plays designed to validate detective controls and measure KPIs with more detail than ever before.  
  • 8 new Advanced Plays, which deliver extreme playbook customization and allow teams to create and simulate almost any scenario they can come up with. 

In summary, we have added more common and customizable plays to Evaluate detective controls, Educate on attack behaviors, and Enable SOC teams with actionable information to make fact-based decisions and improve resilience where it is needed most. 

If you would like to learn more about these updates, or other recent releases within our Breach and Attack Simulation platform, we encourage you to read our release notes, or contact us for a demo.

Attack Surface Management (ASM)

NetSPI’s Attack Surface Management (ASM) helps security teams manage risk by providing an ongoing external view and personalized risk assessment of an organization’s attack surface, assets, and risk profile in between security tests.  

A recent example demonstrating the need for companies to invest in an ongoing attack surface management solution can be found in the Fortigate CVE announced on June 13. This announcement disclosed a critical pre-authentication remote code execution (RCE) vulnerability in SSL VPN devices that affected all versions of Fortigate SSL-VPN devices and allowed unauthenticated access for RCE. The NetSPI ASM Operations team heard of this and immediately created an automatic detection to push vulnerability alerts for this CVE to our customers, expediting the discovery and remediation process.  

Also, we recently upgraded our World Map view within Attack Surface Management. Many companies host assets in different countries or regions around the globe. We’ve added a “zoom in” capability which allows users to see exactly which assets are hosted in which locations. This provides an easy way for users to locate both known and unknown assets, as well as exploitable assets infringing on their attack surface.

To learn more about these updates, or other recent releases within our Attack Surface Management platform, check out our release notes, or contact us for a demo.

Penetration Testing as a Service (Resolve™)

NetSPI’s Resolve, our penetration testing as a service (PTaaS) platform, has been an industry leader for years, allowing users to visualize their test results and streamline remediation by up to 40 percent. This product remains the leader due to continued updates from our product development teams.  

Our latest updates focus on tracking and trending vulnerability data, and making that data easily digestible for yourself, your team, and your executives. Our new Vulnerability Trend Dashboard allows users to build customized views that display vulnerability data in whatever way is most impactful for each audience. Filter the customized views on whatever specific time, assets, projects, or findings are most relevant for each individual, and save them to review whenever needed.

The information shown in each view automatically updates with new vulnerability data throughout each test, ensuring the latest and greatest information is shown to streamline communication and empower teams. Users can also add additional viewers to each saved view or export the charts to streamline reporting. 

If you would like to learn more, we encourage you to read our release notes, or contact us for a demo.

This blog post is a part of our offensive security solutions update series. Stay tuned for additional innovations within Resolve (PTaaS), ASM (Attack Surface Management), and BAS (Breach and Attack Simulation). 

Read past solutions update blogs: 

Title of the post above: NetSPI Offensive Security Solutions Updates: June 2023
Excerpt: Learn how NetSPI’s updates to Penetration Testing as a Service (PTaaS), Attack Surface Management, and Breach and Attack Simulation can help you better secure your business.
Slug: offensive-security-updates-june-2023
GUID: https://www.netspi.com/?p=30450
Last modified: 2023-06-27 09:57:53

Post published 2023-05-25 10:09:59 (ID 30181):

Continual commitment to advancing your security measures is essential in the evolving threat landscape. The need for powerful offensive security has never been greater as security teams face increasingly sophisticated adversaries. NetSPI is at the forefront of this goal with a team dedicated to developing and enhancing our Breach and Attack Simulation (BAS), Attack Surface Management (ASM), and Penetration Testing as a Service (PTaaS) platforms. 

Our commitment to innovation drives our product teams to work tirelessly, crafting new features and improving usability across our platforms. By listening to your feedback and conducting comprehensive interviews, we’ve gained insights into common challenges and developed solutions that empower internal teams to strengthen their offensive security. 

We're excited to show the latest updates that will advance the way you approach offensive security. Explore these exciting new additions across our BAS, ASM, and PTaaS platforms below, or schedule a demo anytime to get access to a team of offensive security professionals to guide your strategy. 

https://youtu.be/THfxBJpMq0Q

Breach and Attack Simulation (BAS) 

NetSPI's Breach and Attack Simulation (BAS) platform puts your detective controls to the test by leveraging advanced technology and skilled penetration testers to simulate real-world attack behaviors. BAS plays a crucial role in building resilience against threats like ransomware, fraud, denial of service, information leaks, data loss, and more. The latest updates to BAS add customization options, reduce alert fatigue, and improve reporting. 

Advanced Filtering 

Alert fatigue poses a significant challenge today. Amidst thousands of alerts, identifying the crucial ones can mean the difference between maintaining a secure environment or falling victim to an attack.  

However, with our new Advanced Filtering feature, sifting through alerts is a task of the past. You can effortlessly sort and filter data based on your priorities, such as specific threat actors, tools and malware, tested versus untested controls, and much more. The filtered information is presented in real-time charts within the platform and can be conveniently exported in CSV, JSON, and now PDF formats. Say goodbye to alert overload and embrace a streamlined approach to security management. 

PDF Export 

We're proud to introduce the PDF Export feature, which enables seamless communication across various teams, including engineers, analysts, executive leadership team members, and board members. It includes an executive summary alongside comprehensive details about the results of an engagement, catering to both technical and non-technical audiences, and fostering effective collaboration across divisions.

NetSPI's BAS PDF Export Feature

Attack Surface Management (ASM) 

Attack Surface Management makes continuous external network pentesting a reality by providing ongoing asset discovery coupled with manual exposure validation all within a centralized ASM platform. What sets our ASM offering apart from other vendors is our people — a dedicated attack surface operations team that meticulously reviews, validates, and organizes the results, alleviating the burden on you and your team and focusing remediation efforts with a prioritized list. The latest updates to ASM help clients visualize their entire attack surface and sift through alerts to find meaningful ones among the noise. 

Company Hierarchy Dashboard 

Visualizing your attack surface can be an undertaking, especially when dealing with complex company structures, subsidiaries, divisions, or mergers and acquisitions. NetSPI's Company Hierarchy Dashboard simplifies this task.  

With just two clicks, gain a comprehensive view of your entire company and entity relationships on a single screen. This powerful tool helps identify IP addresses within subsidiaries, uncover new assets, and trace their origins, enabling effective asset management and improved security posture. 

Signal Dashboard 

Our team introduced the Signal Dashboard so you can see all the noise our ASM operations team digs into, and how we turn that into a few actionable, validated vulnerability findings. The dashboard gives you transparency into the work going on behind the scenes on your engagement. While we don’t share all alerts immediately, they do remain accessible just in case you want to take a look. 

NetSPI's ASM Signal Dashboard

1,000+ New Integration Capabilities 

Integrations play a pivotal role in enhancing your user experience, streamlining workflows across platforms, and broadening asset discovery. Recognizing the significance of this, the Gartner® Competitive Landscape: External Attack Surface Management indicates that vendors who prioritize expanding the scope of asset discovery through deeper integrations gain a competitive edge that’s passed along to customers. 

In line with this research and in response to your feedback, we’ve diligently listened and integrated the most crucial platforms, such as Jira, ServiceNow, Splunk, Microsoft Teams, GitHub, ZoomInfo, and over 1,000 others. 

Penetration Testing as a Service (Resolve™) 

NetSPI's Penetration Testing as a Service (PTaaS) platform Resolve™ is proven to advance vulnerability discovery and speed up remediation. Our centralized technology offers real-time reporting, trending findings data, and manual prioritization by our expert analysts. The latest updates to Resolve help clients keep track of the status of engagements and easily drill down to relevant data points. 

Program Management Dashboard 

Obtaining a pentest is just the beginning, but keeping tabs on its status takes vulnerability insight to a new level. Our Program Management Dashboard simplifies understanding the test statuses, remediation progress, important dates, and beyond. Bonus! We took a page out of Domino's book and built a visual tracker that brings transparency into progress throughout engagements.

Data Lab Dashboard  

Introducing the revamped Data Lab Dashboard with an enhanced interface. Alongside the visual update, we expanded the capabilities, empowering security teams to construct and export personalized reports effortlessly. Simply specify the desired entity on the left, apply filters to the results grid, and drill down into more detailed information with a single click. Moreover, the data grids can be conveniently exported, providing greater flexibility in using the data. 

NetSPI's Data Lab Dashboard

We aim to meet you where you are by enhancing our technology to streamline your team’s work. If you have a feature request for our team, be sure to have a conversation with your Account Executive to relay the message to NetSPI's Product Team!  

This article is a part of our Offensive Security solutions update series. Stay tuned for additional innovations and catch the latest updates in our platform release notes:  

Title: NetSPI Offensive Security Solutions Updates: Q2 2023
Excerpt: Enhance workflows with these new features to Penetration Testing as a Service (PTaaS), Attack Surface Management, and Breach and Attack Simulation.
Last modified: 2023-05-25

Published: 2023-11-07

Phishing remains one of the most successful ways that adversaries gain access to systems. In fact, over 48 percent of emails sent in 2022 were spam, and Google blocks approximately 100 million phishing emails every day. Because phishing is so effective, threat actors constantly develop more sophisticated, less recognizable attack methods designed to trick unsuspecting employees.

Although many companies are adding new processes, technologies, and training materials to combat this, employees continue to fall victim to phishing, vishing, and other forms of social engineering attacks.

https://www.youtube.com/embed/JyXnSbE80lA

To adjust for these current market changes, NetSPI is proud to introduce our updated Social Engineering offerings, delivering the following key benefits to our customers:

  • Modernized Adversarial Approach
    Traditional methods of social engineering testing are not as effective as they once were. As threat actors have become more sophisticated, it is critical that defense strategies adapt accordingly. Through the utilization of additional testing processes and new tooling, we are able to provide attack approaches that mimic those used by real-world adversaries today. This brings a more realistic assessment of vulnerabilities and ensures that your defenses are built to stand up against both past and present attack approaches.
  • Increased Speed & Efficiency
    Every minute counts in the security world, which is why we have implemented new processes and tooling designed to streamline and accelerate testing without compromising on accuracy and quality. A test that previously took three to five days can now be completed in two to three days. This delivers actionable results faster, enabling your team to mitigate vulnerabilities, reduce risk, and boost defenses. We know time is something security professionals do not have an abundance of, and we have updated our solutions to reflect this urgency. 
  • Additional Services & Savings
    We know that cybersecurity is not a one-size-fits-all industry, and no two environments are the same. Our updated Social Engineering solutions have expanded to offer a range of price points that cater to organizations of various sizes and needs. Every company deserves top quality defense, regardless of the budget or available bandwidth.

NetSPI’s Social Engineering Solution Offerings 

  • Email & Text Message Testing (Phishing): Security Awareness, Account Takeover, and Spearphishing Campaign  
  • Phone-Based Testing (Vishing): Policy Check and Capture the Flag  
  • Physical & On-Site Testing: On-Site Assessment, Physical Security Controls Assessment, and Full On-Site Pentesting  

If you’re looking to strengthen internal social engineering prevention practices, NetSPI is ready to help with our proven methodology. Our updated Social Engineering Solutions provide a comprehensive, modern approach to protecting your organization with a focus on current adversarial tactics, increased testing speed and efficiency, and accessible price points.  

For further information on each of our unique Social Engineering Pentesting solutions, check out our data sheet or contact us.

Social Engineering Data Sheet

This blog post is a part of our offensive security solutions update series. Stay tuned for additional innovations within Resolve (PTaaS), ASM (Attack Surface Management), and BAS (Breach and Attack Simulation).

Title: Elevating Your Defenses with NetSPI’s Updated Social Engineering Solutions
Excerpt: Learn how NetSPI’s updates to its Social Engineering Pentesting solutions help organizations combat sophisticated phishing attempts.
Last modified: 2023-11-07
