Led by Vinay Anand, Jake Reynolds, and Cody Chamberlain, NetSPI’s Product Team drives the development and expansion of new offensive security solutions and tools. Our proven track record, firsthand expertise, and collaboration across departments create our strong reputation as the global leader in offensive security.
AI/ML is being rapidly adopted into many aspects of business. It is transforming the way we work because of its ability to reduce the effort and cost of completing tasks, but we are only at the beginning of this technology's potential. As adoption and use cases continue to grow, it is critical that organizations understand the unique threats that AI/ML brings, identify weak spots, and build more resilient models.
https://youtu.be/qxPRFcfLG0k?si=riF9odk07Zr6Aa9R
NetSPI’s industry-leading AI/ML pentesting solution was built from decades of manual penetration testing expertise in network, application, cloud, and more, designed specifically to identify, understand, and mitigate risks of AI and ML models. This new solution allows you to improve overall resiliency to attacks and strengthen security with three unique offerings:
The Machine Learning Security Assessment is designed to evaluate ML models, including Large Language Models (LLMs), against adversarial attacks, identify vulnerabilities, and provide actionable recommendations to ensure the overall safety of the model, its components, and their interactions with the surrounding environment.
Our Infrastructure Security Assessment tests the infrastructure surrounding your model. This assessment covers network security, cloud security, API security, and more, ensuring that your organization’s deployment adheres to defense-in-depth security policies and mitigates potential risks.
And finally, the Web Application Penetration Testing offering evaluates the security and reliability of web applications utilizing LLMs and other machine learning integrations. Leveraging sophisticated manual processes and automated tools, we identify vulnerabilities and risks specific to LLM-integrated functionality, providing actionable recommendations to enhance security and safeguard sensitive data.
https://youtu.be/kUtvRmwP1s4
If you would like to learn more about our AI/ML Pentesting, check out our data sheet, or contact us for a demo.
Title: Ignite Innovation with NetSPI’s New AI/ML Penetration Testing
Excerpt: Learn how NetSPI’s updates to Penetration Testing as a Service (PTaaS), Attack Surface Management, and Breach and Attack Simulation can help you better secure your business.
Last modified: 2023-09-05 09:48:54

Published: 2023-08-01 08:50:16
SaaS applications play a critical role in attack surface expansion as businesses increasingly depend on them for critical operations and data management. Many organizations, however, overlook SaaS security, assuming that the SaaS vendor will protect customer data and application usage. This leaves a major blind spot for security teams, and a prime opportunity for malicious actors around the globe. In fact, 81 percent of organizations have sensitive SaaS data exposed, according to Varonis.
NetSPI’s new SaaS Security Assessments leverage both automated and manual testing methods in accordance with industry standards like the CIS Benchmarks, with additional security checks developed from years of industry-leading application and cloud assessments. During each engagement NetSPI will uncover critical vulnerabilities and misconfigurations, provide actionable guidance for fast and thorough remediation, and ultimately improve overall SaaS security posture.
https://youtu.be/sA7m2BZUYFI
NetSPI’s SaaS Security Assessments target two global SaaS leaders, Salesforce and Microsoft 365, with three unique solutions:
This offering provides comprehensive insights into the security of our customers’ Salesforce web applications and integrations, with actionable recommendations to reduce business function risk. Testing is focused on data storage, integrations, authentication mechanisms, and Salesforce-hosted applications. Access to sensitive organizational data is tested in the contexts of both the intended, authenticated user of the instance as well as the unauthenticated Guest user.
2. Salesforce Configuration Audit
Designed to guide security posture enhancements of Salesforce instances, this offering aims to minimize potential risks and vulnerabilities that stem from the shared responsibility SaaS security model. Testing is focused on the manual and automated review of instance users and their assigned roles, Salesforce Object permissions, Apex code, setup settings, and data storage configurations. Additional review focuses on API hardening, black box scenarios, and the potential for novel attack paths.
Leveraging automated scanning and manual testing methods, NetSPI uses commercial, open source, and proprietary software to assess and identify Microsoft 365 security vulnerabilities and misconfigurations. NetSPI uses five key steps to improve our customers’ M365 security:
Automated Configuration Gathering
Manual Configuration Gathering
Configuration Analysis and Vulnerability Enumeration
Vulnerability Enumeration and Manual Verification
Reporting Findings
Each of these was built to provide actionable insights into identity and access management, data management, data storage, email security, account protection, password protection, integrations, and more, with test results being delivered in real time through NetSPI’s PTaaS Platform to streamline reporting and remediation.
If you would like to learn more about our Software as a Service (SaaS) Security Assessment, check out our SaaS Security Assessment webpage, or contact us to learn more.
Title: Introducing New Software as a Service (SaaS) Security Assessments
Excerpt: Learn how NetSPI’s new SaaS Security Assessments can help businesses secure their Salesforce and Microsoft 365 instances. Read our latest offensive security solutions update!
Last modified: 2023-08-01 08:50:18

Published: 2023-06-27 09:08:10
NetSPI is the global leader in offensive security, delivering the most comprehensive suite of penetration testing, attack surface management, and breach and attack simulation solutions. Through a combination of technology innovation and human ingenuity NetSPI helps organizations discover, prioritize, and remediate security vulnerabilities.
We maintain a leadership position in the industry by listening to client feedback, analyzing industry trends, and investing in breakthrough technology developments. Over the last few months, our development teams have been busy, and are excited to introduce a variety of new features and capabilities across our Breach and Attack Simulation, Attack Surface Management, and Penetration Testing as a Service (PTaaS) solutions.
https://www.youtube.com/embed/C7Hp1bzaGuo
Breach and Attack Simulation (BAS)
Companies often spend thousands, even millions, of dollars on detective controls. However, very few validate the effectiveness of these solutions. After initial testing, NetSPI Breach and Attack Simulation (BAS) data shows that on average 80 percent of common attack behaviors are missed by traditional EDR, SIEM and MSSP out-of-the-box solutions… YIKES!
NetSPI’s BAS is designed specifically with this use case in mind, evaluating the effectiveness of detective controls and equipping security professionals with easily digestible and actionable KPIs. The latest updates to our BAS platform include:
185 new Living Off the Land Binaries and Scripts (LOLBAS) plays designed to validate detective controls and measure KPIs with more detail than ever before.
8 new Advanced Plays, which deliver extreme playbook customization and allow teams to create and simulate almost any scenario they can come up with.
In summary, we have added more common and customizable plays to Evaluate detective controls, Educate on attack behaviors, and Enable SOC teams with actionable information to make fact-based decisions and improve resilience where it is needed most.
If you would like to learn more about these updates, or other recent releases within our Breach and Attack Simulation platform, we encourage you to read our release notes, or contact us for a demo.
Attack Surface Management (ASM)
NetSPI’s Attack Surface Management (ASM) helps security teams manage risk by providing an ongoing external view and personalized risk assessment of an organization’s attack surface, assets, and risk profile in between security tests.
A recent example demonstrating the need for companies to invest in an ongoing attack surface management solution can be found in the Fortigate CVE announced on June 13. This announcement disclosed a critical pre-authentication remote code execution (RCE) vulnerability in SSL VPN devices that affected all versions of Fortigate SSL-VPN devices and allowed unauthenticated access for RCE. The NetSPI ASM Operations team heard of this and immediately created an automatic detection to push vulnerability alerts for this CVE to our customers, expediting the discovery and remediation process.
Also, we recently upgraded our World Map view within Attack Surface Management. Many companies host assets in different countries or regions around the globe. We’ve added a “zoom in” capability which allows users to see exactly which assets are hosted in which locations. This provides an easy way for users to locate both known and unknown assets, as well as exploitable assets infringing on their attack surface.
To learn more about these updates, or other recent releases within our Attack Surface Management platform, check out our release notes, or contact us for a demo.
Penetration Testing as a Service (Resolve™)
NetSPI’s Resolve, our penetration testing as a service (PTaaS) platform, has been an industry leader for years, allowing users to visualize their test results and streamline remediation by up to 40 percent. This product remains the leader due to continued updates from our product development teams.
Our latest updates focus on tracking and trending vulnerability data, and making that data easily digestible for yourself, your team, and your executives. Our new Vulnerability Trend Dashboard allows users to build customized views to display vulnerability data in whatever way is most impactful for each audience. Filter the customized views on whatever specific time, assets, projects, or findings are most relevant for each individual, and save them to review whenever needed.
The information shown in each view automatically updates with new vulnerability data throughout each test, ensuring the latest and greatest information is shown to streamline communication and empower teams. Users can also add additional viewers to each saved view or export the charts to streamline reporting.
Title: NetSPI Offensive Security Solutions Updates: June 2023
Excerpt: Learn how NetSPI’s updates to Penetration Testing as a Service (PTaaS), Attack Surface Management, and Breach and Attack Simulation can help you better secure your business.
Last modified: 2023-06-27 09:57:53

Published: 2023-05-25 10:09:59
Continual commitment to advancing your security measures is essential in the evolving threat landscape. The need for powerful offensive security has never been greater as security teams face increasingly sophisticated adversaries. NetSPI is at the forefront of this goal with a team dedicated to developing and enhancing our Breach and Attack Simulation (BAS), Attack Surface Management (ASM), and Penetration Testing as a Service (PTaaS) platforms.
Our commitment to innovation drives our product teams to work tirelessly, crafting new features and improving usability across our platforms. By listening to your feedback and conducting comprehensive interviews, we’ve gained insights into common challenges and developed solutions that empower internal teams to strengthen their offensive security.
We're excited to show the latest updates that will advance the way you approach offensive security. Explore these exciting new additions across our BAS, ASM, and PTaaS platforms below, or schedule a demo anytime to get access to a team of offensive security professionals to guide your strategy.
https://youtu.be/THfxBJpMq0Q
Breach and Attack Simulation (BAS)
NetSPI's Breach and Attack Simulation (BAS) platform puts your detective controls to the test by leveraging advanced technology and skilled penetration testers to simulate real-world attack behaviors. BAS plays a crucial role in building resilience against threats like ransomware, fraud, denial of service, information leaks, data loss, and more. The latest updates to BAS add customization options, reduce alert fatigue, and improve reporting.
Advanced Filtering
Alert fatigue poses a significant challenge today. Amidst thousands of alerts, identifying the crucial ones can mean the difference between maintaining a secure environment or falling victim to an attack.
However, with our new Advanced Filtering feature, sifting through alerts is a task of the past. You can effortlessly sort and filter data based on your priorities, such as specific threat actors, tools and malware, tested versus untested controls, and much more. The filtered information is presented in real-time charts within the platform and can be conveniently exported in CSV, JSON, and now PDF formats. Say goodbye to alert overload and embrace a streamlined approach to security management.
PDF Export
We are proud to introduce the PDF Export feature, which enables seamless communication across various teams, including engineers, analysts, executive leadership team members, and board members. It includes an executive summary alongside comprehensive details about the results of an engagement, catering to both technical and non-technical audiences, and fostering effective collaboration across divisions.
Attack Surface Management (ASM)
Attack Surface Management makes continuous external network pentesting a reality by providing ongoing asset discovery coupled with manual exposure validation all within a centralized ASM platform. What sets our ASM offering apart from other vendors is our people — a dedicated attack surface operations team that meticulously reviews, validates, and organizes the results, alleviating the burden on you and your team and focusing remediation efforts with a prioritized list. The latest updates to ASM help clients visualize their entire attack surface and sift through alerts to find meaningful ones among the noise.
Company Hierarchy Dashboard
Visualizing your attack surface can be an undertaking, especially when dealing with complex company structures, subsidiaries, divisions, or mergers and acquisitions. NetSPI's Company Hierarchy Dashboard simplifies this task.
With just two clicks, gain a comprehensive view of your entire company and entity relationships on a single screen. This powerful tool helps identify IP addresses within subsidiaries, uncover new assets, and trace their origins, enabling effective asset management and improved security posture.
Signal Dashboard
Our team introduced the Signal Dashboard so you can see all the noise our ASM operations team digs into, and how we turn that into a few actionable, validated vulnerability findings. The dashboard gives you transparency into the work going on behind the scenes on your engagement. While we don’t share all alerts immediately, they do remain accessible just in case you want to take a look.
1,000+ New Integration Capabilities
Integrations play a pivotal role in enhancing your user experience, streamlining workflows across platforms, and broadening asset discovery. Recognizing the significance of this, the Gartner® Competitive Landscape: External Attack Surface Management indicates that vendors who prioritize expanding the scope of asset discovery through deeper integrations gain a competitive edge that’s passed along to customers.
In line with this research and in response to your feedback, we’ve diligently listened and integrated the most crucial platforms, such as Jira, ServiceNow, Splunk, Microsoft Teams, GitHub, ZoomInfo, and over 1,000 others.
Penetration Testing as a Service (Resolve™)
NetSPI's Penetration Testing as a Service (PTaaS) platform Resolve™ is proven to advance vulnerability discovery and speed up remediation. Our centralized technology offers real-time reporting, trending findings data, and manual prioritization by our expert analysts. The latest updates to Resolve help clients keep track of the status of engagements and easily drill down to relevant data points.
Program Management Dashboard
Obtaining a pentest is just the beginning, but keeping tabs on its status takes vulnerability insight to a new level. Our Program Management Dashboard simplifies understanding the test statuses, remediation progress, important dates, and beyond. Bonus! We took a page out of Domino’s book and built a visual tracker that brings transparency into progress throughout engagements.
Data Lab Dashboard
Introducing the revamped Data Lab Dashboard with an enhanced interface. Alongside the visual update, we expanded the capabilities, empowering security teams to construct and export personalized reports effortlessly. Simply specify the desired entity on the left, apply filters to the results grid, and drill down into more detailed information with a single click. Moreover, the data grids can be conveniently exported, providing greater flexibility in using the data.
We aim to meet you where you are by enhancing our technology to streamline your team’s work. If you have a feature request for our team, be sure to have a conversation with your Account Executive to relay the message to NetSPI's Product Team!
This article is a part of our Offensive Security solutions update series. Stay tuned for additional innovations and catch the latest updates in our platform release notes:
Title: NetSPI Offensive Security Solutions Updates: Q2 2023
Excerpt: Enhance workflows with these new features to Penetration Testing as a Service (PTaaS), Attack Surface Management, and Breach and Attack Simulation.
Last modified: 2023-05-25 10:10:00