Introducing PTaaS+: Decreasing Your Organization’s Time to Remediation
NetSPI is focused on creating the next generation of security testing. Our Penetration Testing as a Service (PTaaS) delivers higher quality vulnerabilities in less time than any other provider, and we are now expanding these benefits into your remediation lifecycle.
This month we’re expanding your options with our PTaaS+ plan, which focuses on vulnerability management and remediation. With our base PTaaS plan, we deliver vulnerabilities the same day they are found. Now, with PTaaS+, you and your team are empowered to act upon them and begin remediating them immediately, decreasing your time-to-remediation by up to 1 month for high severity issues. A couple of key features contribute to this new functionality:
On average, we report over 50 vulnerabilities on a regular web application test; that number jumps above 700 when we perform external network testing. When receiving so many vulnerabilities, making sense of it all can be a full-time job before you even get to remediating them. With PTaaS+, we offer a free integration with Jira or ServiceNow to easily get the vulnerabilities into your tools and into the remediator’s hands on day zero. Integrations into additional ticketing systems are also available, and integrations into all your vulnerability scanners are available in PTaaS Pro!
Remediation Assignments & SLAs
After receiving a large number of vulnerabilities, the first step is assigning a due date for remediation based on vulnerability severity. PTaaS+ allows each severity to be assigned a timeframe in which it must be remediated from the delivery date. NetSPI’s standard recommendation is:
- Critical – 30 days
- High – 60 days
- Medium – 90 days
- Low – 365 days
However, these can be customized to fit your organization’s policies. Additionally, with PTaaS+, you can assign vulnerabilities to specific users, letting you track and delegate vulnerabilities throughout the remediation lifecycle.
After delivering vulnerabilities, one common point of discussion is NetSPI’s severity rating vs. an organization’s internal vulnerability rating. Every organization rates vulnerabilities differently, and to help with that, PTaaS+ allows you to provide an assigned severity to all vulnerabilities, from which your remediation due dates can be calculated. Both NetSPI’s and your severities will be maintained for auditing and future reporting.
After you have a handle on your remediation processes, you can start looking for trends to ensure fewer vulnerabilities next year. PTaaS+ grants you access to NetSPI’s Data Lab, which allows you to analyze and trend vulnerabilities across all your assessments with NetSPI. Popular Data Lab queries include:
- Riskiest asset in your environment
- Most common vulnerability across your company
- Top OWASP categories
More features are coming to PTaaS+ in the future, all focused on helping you understand and remediate your vulnerabilities. If you’re interested in expanding this functionality to cover all vulnerabilities in your environment, not just those found by NetSPI, contact us to learn more about PTaaS Pro.