One of the best ways for organizations to get an idea of their network vulnerabilities is to hire penetration testers to come in and perform real attacks against their network, only without the added malicious payloads that most attacks entail. The military does this with their so-called red team exercises, and if the penetration testers are highly skilled or even ex-hackers, they can help you to learn a lot about where your network is most vulnerable.
There are two major problems withpenetration testing, and one annoyance. In terms of problems, the first is that penetration testing is almost impossible to scale. Human testers can only go so quickly, and even in relatively long engagements where they might work for a week attacking a friendly network, they are only going to be able to access a small part of most enterprises. Second, because they can’t work continuously, it exposes organizations to a lot of risk between testing. In terms of the annoyance, they are expensive, with the best testing teams costing upwards of $100,000 or more per engagement.
John Breeden II / IDG
The platform is automated, but because humans are watching over everything, users can request specific testing parameters, like no testing on Friday, or staying away from certain systems, and the human staff will configure ImmuniWeb accordingly.
The ImmuniWeb suite aims to be a sort of penetration testing platform that anyone can use and afford. They do this by automating almost all of the penetration testing, while keeping a staff of experts on hand all the time to help out if the platform gets stuck or encounters something new. As the humans fix the problem, the program watches what they do and uses machine learning to reprogram itself so it won’t get stuck again. Humans are also called if ImmuniWeb encounters something that it suspects is a vulnerability, but isn’t completely sure. In that case, humans must either verify the vulnerability or reject it. High-Tech Bridge guarantees that no customer will ever receive a false positive from their testing. If they do, they get their money refunded.
Pricing is reasonable compared with hiring full teams of human penetration testers. Available as an on-demand service, a monthly subscription starts at $999.Testing ImmuniWeb
The installation process for the ImmuniWeb platform is almost non-existent. Potential customers visit the High-Tech Bridge website and answer a series of questions about their network and the types of testing they are interested in having performed. Users can then select a payment option and type out any specific requests for the test, such as not doing any testing on certain days, not testing against SQL, or whatever they need. Speaking to a live human is also an option, though we didn’t find it to be necessary during our testing.