Pen Testing As a Service (PTaaS)

Automated Penetration Testing As-a-Service

Automate - Test - Secure - Repeat

Discover IT.ie’s, Automated Network Penetration Testing. State-of-the-art cyber defense, monthly testing, detailed analytics, and expert-driven reports. Secure your network today!

Automated Pen Testing As-a-Service (PTaaS)

Penetration Testing

Penetration testing, also referred to as pen testing is a standard approach to quantifying and identifying such vulnerabilities across an organisation. The test will usually try to simulate a real-life threat and demonstrate how a system would hold up against such a threat.

By assessing if an IT System is susceptible to a cyber-attack, you will be able to plan, repair and strengthen your organisation’s infrastructure defences against such attack.

An internal pen test is undertaken within an organisation’s network, searching for vulnerabilities from within. An external pen test is performed remotely, with an ethical hacker looking for security vulnerabilities in internet-facing assets such as FTP and mail servers.

IT.ie are proud to partner with Kayseya to deliver a revolutionary solution that allows you to have a full-blown penetration test every month, instead of just once a year.

Validated by Experts

Combining the knowledge, skills, logic, and toolsets of numerous consultants into one, PenTest is the perfect solution to consistently satisfy your organisation’s needs for quality results.

Real Time Tracking

An important step to assessing your organisation’s risk is the ability to detect and respond to malicious activities occurring within your environment. PenTest creates a separate log ﬁle for every single activity that is performed so you can correlate our activities with your monitoring and logging solutions.

Meet Compliance & Best Practices

By having the ability to perform a quality network penetration test whenever you want and however often you want, your organisation can be assured that it will continuously meet security best practices and compliance regulations.

Modern, Efficient PenTesting

Our modern approach to network penetration testing is tailored to be efficient, scalable, and affordable. We provide continuous, regular testing options, allowing your business to keep pace with the latest cybersecurity threats. IT.ie’s service makes it simple to schedule tests, track your organisation’s security status, and observe improvements over time.

Automated Network Penetration Testing by IT.ie

Stay ahead of cyber threats with IT.ie’s Automated Network Penetration Testing. Our advanced system offers a quick and easy setup – just deploy, click, and your network is being tested. This service is designed to mimic real-world cyber attacks, providing a comprehensive assessment of your network’s vulnerabilities.

Real-time Visibility and Control

With IT.ie, you gain unparalleled visibility into your network’s security status. Our real-time activity logs provide detailed insights into what’s happening on your network during the penetration test. This feature is vital for identifying gaps in your existing security monitoring controls.

Vulnerability Testing Vs Pen Testing

ON-DEMAND RISK MANAGEMENT

Conduct monthly security assessments to understand your risks to cyber attacks in near real-time.

Traditional assessments only allow organisations to demonstrate a point-in-time snapshot of the environment. IT.ie automated PTaaS enables monthly or on-demand risk management by allowing organisations to perform a full-scale network penetration tests with a few clicks. The platform measures the effectiveness of compensating controls through its exploitation techniques while minimising risk through the implementation of compensating controls.

COMPLIANCE READINESS

Conduct monthly security assessments to understand your risks to cyber attacks in near real-time.

With IT.ie, meet compliance requirements with more scheduling flexibility and real-time alerts. We provide more flexibility in schedule, alerting, real-time activity tracking, as well as segmentation testing to confirm isolation of sensitive networks. In addition to ensuring compliance readiness, IT.ie automated PTaaS also tests for security deficiencies that deviate from security best practices.

Penetration Testing

Automated Pen Testing Solves Today's Challenges

Companies face some of the following challenges when looking for a qualified provider:

01

Seeking a provider that is available to perform the penetration test.

02

Interviewing the consultants to ensure their experience is advanced.

03

Ensuring the provider doesn’t sell a vulnerability assessment as a penetration test.

Hoping communication is consistent and frequent to ensure knowledge transfers between consultants and the primary point of contact.

04

Quality deliverables that effectively communicate what vulnerabilities were identified, what risk it presents to the organisation, as well as how to remediate those vulnerabilities from a technical and strategic standpoint. The list goes on!

05

Our partners at Kaseya have spent years developing a solution to solve all of these challenges.

Sample Technical Report

Sample Remediation Report

EGRESS FILTERING TESTING

Automatically perform egress ﬁltering to ensure that your organisation is effectively restricting unnecessary outbound trafﬁc. Unrestricted outbound access can allow a malicious actor to exﬁltrate data from your organisation’s environment using traditional methods and unmonitored ports..

AUTHENTICATION ATTACKS

Upon the discovery of user account credentials, our Pen Testing will automatically attempt to validate those credentials and determine where they are most useful. This is a common process executed by both malicious attackers and penetration testers and is performed during privilege escalation.

PRIVILEGE ESCALATION & LATERAL MOVEMENT

Using a valid set of credentials, our Pen Testing will attempt to identify valuable areas within your organisation. This is conducted through a variety of methods, including the use of our partner providers Leprechaun tool which assists in identifying where sensitive targets are.

DATA EXFILTRATION

Critical data leaving your organisation is an extremely serious concern. If access to conﬁdential and/or sensitive data can be attained, PenTestIT will simulate and log this activity to help your organization tighten areas that should restrict data exﬁltration.

SIMULATED MALWARE

With elevated access, our Pen Testing will attempt to upload malicious code onto remote systems in an attempt to test the organisation’s end-point anti-malware controls.

TIMELY REPORTING

Our Pen Testing generates an executive summary, technical and vulnerability report within 48 hours after the penetration test is complete. Our detailed deliverables will allow your network staff to cross reference our activities with monitoring and alerting controls.

Need Help?

FREQUENTLY ASKED QUESTIONS

How does vPenTest differ from a vulnerability assessment?

A vulnerability assessment simply informs an organization about the vulnerabilities that are present within their environment. However, a vulnerability assessment
does not attempt to exploit those vulnerabilities to determine the potential impact of successfully exploiting those vulnerabilities. This is not a flaw with vulnerability scanners; they just simply aren’t designed to do this.
Pen Testing As-a-Service differs in that it is able to perform exploitation and post-exploitation techniques to demonstrate to customers how successfully exploiting a vulnerability could potentially lead to further access to systems and/or confidential data within their environment.

What are some types of exploitation and post-exploitation techniques that it tries?

Pen Testing As-a-Service attempts to perform SMB relay attacks, man-in-the-middle attacks, cautiously executed DNS poisoning attacks, hash cracking, password dumping and retrieval, and more. These are the exact same techniques executed during a manual penetration test, except much faster.

Does Pen Testing As-a-Service cover MITRE ATT&CK types?

The platform does indeed actually replicate some of the attacks documented in
the MITRE ATT&CK framework, although the reporting structure does not currently
include references to the framework at the moment.

What is considered an IP address?

Anything that has an IP address on the network. This includes phones, network
devices, printers, IP cameras, etc.
While many individuals may believe that excluding devices such as printers may be
necessary to preserve IP addresses, it should be noted that any device on a network
could present a risk to the environment.

What is the biggest difference with Pen Testing As-a-Service compared to a traditional penetration test?

Traditional penetration tests are extremely time consuming, whereas Pen Testing As-a-Service can run numerous tools simultaneously, wait for them to complete, automatically analyze the results, and determine its next move. This saves a significant amount of time from simply running one command at a time. Furthermore, Pen Testing As-a-Service reduces the time spent reporting from 6 hours (average between reporting, QA, etc.) to less than a minute. That’s a 29,900% speed increase per assessment that it saves.

Is Pen Testing As-a-Service geared more towards web app pen tests or network system pentest?

Pen Testing As-a-Service is focused strictly on network security pentests, including Hostthe following a Discoveryctivities:/Info Gathering: Discovering systems on the network
environment based on the IP addresses provided to Pen Testing As-a-Service.

Host Discovery/Info Gathering: Discovering systems on the network
environment based on the IP addresses provided to vPenTest.
Authentication-based attacks: It will attempt to login to network services
to authenticate, such as POP3, Telnet, SMB (and active directory), FTP, etc. to
gain access to data and systems. It will also try to determine where any newly
captured credentials work as well. It’ll also use OSINT information to construct
usernames for these password attacks.
Man-in-the-middle attacks: This includes SMB relay attacks, DNS poisoning,
ARP poisoning, with the intent of capturing credentials (hashed and/or cleartext)
Exploitation & Post Exploitation: Including uploading files that would provide
access via a shell, enumerating AD group memberships to look for elevated
access, enumerating shares, etc.

If you scan an entire subnet range, will the whole range count against my IP address limit?

No. If you provide a /24, for example, and there are only 5 live systems within that
network, then your IP address count will only be reduced by 5.
Pen Testing As-a-Service does not consider the range, or location(s) included in the
assessment when it comes to the IP address count. The only thing that matters is the
number of systems that are actually active within the environment.

Do you recommend excluding certain devices?

No. Every device that has an IP address could potentially present a risk to the
environment at some point in time, depending on their functionality. Even some of
the devices that appear to pose the smallest risk to the environment could potentially
be used by an attacker.

We'd love to hear from you

Contact Us

If you would like to talk to us or just have a question about any of our services, please don’t hesitate to contact us and we’ll get right back to you.