Trustwave, a leading provider of information security and compliance solutions, announced the release of PenTest Manager, an online portal that changes the status quo of penetration test deliverables. PenTest Manager offers enterprise clients the ability to manage all forms of penetration tests in real-time, and view live detailed test results and recommendations. PenTest Manager delivers rich media demonstrations of evidence gathered in penetration tests, offering customers insight that was previously unavailable.
Penetration Testing, or ethical hacking, helps ensure proper security controls are in place to protect an organization from attack by cyber criminals hoping to steal valuable information and cause business disruption. PenTest Manager provides users with at-a-glance views of projects, test status and findings to manage application, network, physical and wireless penetration tests, performed by Trustwave’s advanced security team, SpiderLabs®.
The rich vulnerability evidence provided by PenTest Manager includes image slideshows and screen capture videos displaying how each vulnerability is exploited. This proof of exploitation shows executives and security staff the true impact of each vulnerability in a way traditional reports cannot. No other testing team allows clients to “look over the shoulder” of an ethical hacker in this manner as they expose weaknesses in critical systems.
In addition to rich evidence, detailed reporting and recommendations are provided to help clients secure the tested environment. Unlike traditional PDF-based reports, PenTest Manager allows customers to search current and historical vulnerabilities, and track remediation efforts.
To ensure that application vulnerabilities don’t leave gaping holes for intruders, virtual patches for Web Application Firewalls (WAF) are custom-built by SpiderLabs, specific to each exploitable vulnerability. This minimizes the vulnerability of applications as developers fix the underlying software issues.
“The nature of the PenTest Manager encourages collaboration between the CISO and the testers, which can end up leading to more penetration testing requests rather than fewer,” said Wendy Nather, senior analyst, Enterprise Security Practice, The 451 Group. “By consolidating testing details, findings, mitigation and remediation tasks across multiple layers, a product like this can enrich the ongoing conversation between an MSSP and its clients.”
“Rather than tracking findings in the typical PDF reports and spreadsheets, we give customers one centralized database to manage their vulnerabilities,” said Robert J. McCullen, chairman and CEO of Trustwave. “The way PenTest Manager delivers evidence provides real business value that solves a CISO’s problems while reducing costs with a portal-based management interface, which is what customers really need in their security solutions.”
Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today’s challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper® compliance management software and other proprietary security solutions including SIEM, EV SSL certificates and secure digital certificates. Trustwave has helped thousands of organizations-ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers-manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit https://www.trustwave.com