We often get asked if Intruder performs automated pen-tests, and our answer is always the same: "What are you looking for exactly? The reason we ask for clarification is because ‘penetration testing’ is an umbrella term that is used to encompass a range of cyber security assessments.
Here at Intruder we offer automated vulnerability scanning and manual penetration tests; so when it comes to "automated pentests" it's worth clarifying your objectives so we can ensure we're recommending the best service for you.
Automated vulnerability scanning
Our primary focus here at Intruder is continuous automated vulnerability scanning. The objective of this tool is to identify weaknesses in your system.
Each and every time you run a scan with Intruder, your targets are checked for thousands of known vulnerabilities. Any issues found are then published in a report, along with a carefully curated description and practical remediation advice. The results are extrapolated further in the portal dashboard, where you can see the threat level; hygiene score and exposure over time; as well as a list of all checks run, including those that passed, failed or were filtered as noise.
As this is an automated tool, scans can take as little as 15 minutes to complete or upwards of several hours and is available on a monthly or annual subscription.
Manual penetration testing
Penetration tests on the other hand are a one-off assessment designed to identify and exploit weaknesses in your system as a way to measure their inherent risk.
Whilst it is possible to automate some of the penetration testing process, there are certain activities that necessitate the discerning eyes (and mind) of a human. By leveraging the expertise of a penetration tester, clients can rest assured that their systems have been stress-tested for weaknesses not discoverable by machines, but still exploitable by hackers.
The bespoke approach to testing means that issues are always reported in context of the real impact that their exploitation would pose to the business. Along with a severity rating, the reports contain detailed descriptions, evidence and remediation advice. As part of the process, the client is invited to re-submit their system for testing post-remediation, so that they can receive a final bill of health.
Depending on the scope, these tests can take upwards of four days to complete and pricing runs into the thousands.
[Page from a sample Penetration test report]
Conclusion
Whilst some companies do offer automated pen-testing tools we would contest that they do not yet supersede the manual assessments conducted by qualified professionals.
For that reason, we will continue to offer penetration tests via our consultative service and vulnerability scanning via our automated tool; with a third option for those looking for manual verification of their automated checks available via our Vanguard Plan.
If you're still unclear on how it all works, feel free to pop your head into the chatbot and a member of the team will be along to help.