A new approach to perimeter security
- Cuts expenses
- Detects the most serious vulnerabilities
- Frequent and regular
- Requires a lot of labour, time and resources
- Detects the majority of all vulnerabilities
- Applied 1–2 times per year
Value for business
Continuous monitoring accelerates remediation of vulnerabilities, even after changes to the infrastructure.
The service covers a range of tasks: from perimeter scanning, to enhancing cybersecurity awareness of employees, to simulating DDoS and APT attacks.
Outsourcing and partial automation reduce costs while maintaining high quality inspections.
The customers choose the scope of tasks that meets their needs and specifies the frequency of their application.
We conduct over 70 complex projects per year for clients from the financial, e-commerce, oil and gas, finance technologies, media and other industries.
Our experts discover new vulnerabilities in products developed by large vendors and are honorary mentions in in the Hall of Fame at Yandex and Mail.ru.
We regularly learn about new methods employed by cybercriminals from the APT attack investigation team, so our checks are very close imitations of real combat conditions.
Our experts have internationally recognized certification from well-known centres: Offensive Security, EC-Council, (ISC)2, SANS.
Continuous Penetration Testing (CPT)
Continuous external IT perimeter monitoring as a service
Manual and automatic checks
Quick vulnerability detection and mitigation
Preparing staff for attack mitigation
Comprehensive checks for maximum coverage
Change management and assessment
We monitor the IT perimeter for any changes and conduct targeted penetration testing of new applications, updates for websites and service versions.
Result: vulnerabilities are detected faster — risks associated with unknown gaps are reduced.
Automated scanning of the external perimeter and applications
Perimeter security is maintained using state-of-the-art tools from leading vendors. Program reports are processed manually: we filter out false positives and vulnerabilities that cannot be exploited.
Result: easily identifiable critical flaws without the heavy costs.
Scout for new nodes on the external perimeter
We employ open-source intelligence to regularly check for any omitted assets: websites with outdated information, servers with dated and vulnerable software, domains leading to IP addresses that you no longer own.
Result: all assets under the supervision of administrators — less chance of an attack or damage to reputation.
Training your employees to detect phishing, respond to network overloads and mitigate targeted attacks: we conduct mock phishing campaigns, simulate hacker activity and DDoS attacks.
Result: employees are equipped to distinguish fraudulent emails, while the security service apply their know-how to deal with real attackers.
All results presented on a single platform
BI.ZONE Penetration Testing Unit is accredited by CREST — the international cybersecurity association.
BI.ZONE expert services are in full compliance with ISO 9001 and ISO 27001.