NetSPI is the global leader in offensive security, delivering the most comprehensive suite of penetration testing, attack surface management, and breach and attack simulation solutions. Through a combination of technology innovation and human ingenuity, NetSPI helps organizations discover, prioritize, and remediate security vulnerabilities.
We maintain a leadership position in the industry by listening to client feedback, analyzing industry trends, and investing in breakthrough technology developments. Over the last few months, our development teams have been busy, and are excited to introduce a variety of new features and capabilities across our Breach and Attack Simulation, Attack Surface Management, and Penetration Testing as a Service (PTaaS) solutions.
Breach and Attack Simulation (BAS)
Companies often spend thousands, even millions, of dollars on detective controls. However, very few validate the effectiveness of these solutions. After initial testing, NetSPI Breach and Attack Simulation (BAS) data shows that on average 80 percent of common attack behaviors are missed by traditional EDR, SIEM and MSSP out-of-the-box solutions… YIKES!
NetSPI’s BAS is designed specifically with this use case in mind, evaluating the effectiveness of detective controls and equipping security professionals with easily digestible and actionable KPIs. The latest updates to our BAS platform include:
- 185 new Living Off the Land Binaries and Scripts (LOLBAS) plays designed to validate detective controls and measure KPIs with more detail than ever before.
- 8 new Advanced Plays, which deliver extreme playbook customization and allow teams to create and simulate almost any scenario they can come up with.
In summary, we have added more common and customizable plays to Evaluate detective controls, Educate on attack behaviors, and Enable SOC teams with actionable information to make fact-based decisions and improve resilience where it is needed most.
Attack Surface Management (ASM)
NetSPI’s Attack Surface Management (ASM) helps security teams manage risk by providing an ongoing external view and personalized risk assessment of an organization’s attack surface, assets, and risk profile in between security tests.
A recent example demonstrating the need for companies to invest in an ongoing attack surface management solution can be found in the FortiGate CVE announced on June 13. This announcement disclosed a critical pre-authentication remote code execution (RCE) vulnerability that affected all versions of FortiGate SSL-VPN devices and allowed unauthenticated access for RCE. The NetSPI ASM Operations team heard of this and immediately created an automatic detection to push vulnerability alerts for this CVE to our customers, expediting the discovery and remediation process.
Also, we recently upgraded our World Map view within Attack Surface Management. Many companies host assets in different countries or regions around the globe. We’ve added a “zoom in” capability which allows users to see exactly which assets are hosted in which locations. This provides an easy way for users to locate both known and unknown assets, as well as exploitable assets infringing on their attack surface.
Penetration Testing as a Service (Resolve™)
NetSPI’s Resolve, our penetration testing as a service (PTaaS) platform, has been an industry leader for years, allowing users to visualize their test results and streamline remediation by up to 40 percent. This product remains the leader due to continued updates from our product development teams.
Our latest updates focus on tracking and trending vulnerability data, and making that data easily digestible for yourself, your team, and your executives. Our new Vulnerability Trend Dashboard allows users to build customized views to display vulnerability data in whatever way is most impactful for each audience. Filter the customized views on whatever specific time, assets, projects, or findings are most relevant for each individual, and save them to review whenever needed.
The information shown in each view automatically updates with new vulnerability data throughout each test, ensuring the latest and greatest information is shown to streamline communication and empower teams. Users can also add additional viewers to each saved view or export the charts to streamline reporting.
This blog post is a part of our offensive security solutions update series. Stay tuned for additional innovations within Resolve (PTaaS), ASM (Attack Surface Management), and BAS (Breach and Attack Simulation).