Offensity RED

With Offensity RED we continuously identify vulnerabilities in medium-sized and large companies. Our automated continuous vulnerability monitoring Offensity serves as a basis. The results of the automation serve as a first stepping stone to finding further issues. Our security experts search for business-critical security risks four days a month. Advice and recommendations are provided in monthly two-hour collaboration calls.

Our expert team consists of experienced and internationally awarded penetration testers. Advice and recommendations are provided via telephone - directly with our security expert.

The problem

The tasks of daily operations and a lack of security specialists entail the risk of overlooking business-critical vulnerabilities. IT departments struggle under difficult conditions:

• Historically grown IT infrastructures
• Heterogeneous systems
• Legacy systems
• Low safety awareness of the employees

These conditions often impede the timely identification and assessment of security risks. New vulnerabilities suddenly turn old systems into a security risk and present IT departments with urgent and important tasks:

1. informing about newly published vulnerabilities
2. assessment of criticality and exploitability
3. survey of the systems concerned
4. prioritizing measures
5. implementation of measures

The extensive number of tasks of daily operations and the lack of security know-how infer a high risk for errors. There is a great risk of overlooking newly published vulnerabilities (1). In large infrastructures with conventional vulnerability scanners, it can take several days to weeks to identify affected systems (3). Assessment of criticality and exploitability (2), as well as prioritization of measures (4), require in-depth expertise.

Our solution

We complement our continuous and automated security monitoring solution Offensity with four days per month of manual vulnerability assessment and two hours of consulting. The manual vulnerability assessment with Offensity, as a basis, offers our customers the following advantages:

• identification of complex attack scenarios
• consideration of the individual customer infrastructure
• assessment of the actual exploitability of vulnerabilities
• vulnerability detection with authenticated users and roles

In comparison to external penetration testing teams, our security experts rely on a lot of preparation and preliminary work through automated tests and other internal tools. The available time is used most efficiently.

In monthly collaboration calls, we offer individual advice, recommendations and support in prioritizing measures. The customer also determines what the focus will be in the upcoming manual vulnerability analysis. Our customers can choose between multiple approaches:

• audit of the external (accessible from the Internet) IT infrastructure
• auditing of the internal IT infrastructure (e.g. client networks)
• Phishing or Spear Phishing simulations with employees

Conclusion

Offensity RED improves IT security in complex and large infrastructures:

• Continuously searching for exploitable security vulnerabilities and risks
• Tight collaboration with external security experts to identify, prioritize and eliminate risks
• Measurable long-term improvement of IT security