We, like you, are disappointed with what the penetration testing market has to offer and we want to disrupt it! ThreatSpike Red is the first managed service for penetration testing that provides unlimited testing for an affordable, fixed price. Starting from $1,500 per month, you can enjoy unlimited penetration testing conducted by our expert team of certified testers.
With ThreatSpike Red, you can pentest your applications, identify your vulnerabilities and carry out full-scale red team exercises all year round. Your IT team will appreciate the ease and efficiency, while your auditors and management team will love the results.
Get visibility of weaknesses in your infrastructure, software, controls and processes that could allow a hacker in.
Understand the level of employee security awareness, especially around social engineering techniques such as phishing.
With our fixed-price, unlimited service, you can repeat tests throughout the year to ensure you remain secure and compliant.
Network scanning, version identification and content discovery for attack surface mapping
Service specific checks, OWASP, application logic weaknesses
Automated scanning and testing on exposed services and applications
Assessment report followed by debrief meeting to discuss potential remediation strategies
Passive via data leaks, social media, DNS scanning and active via network mapping and enumeration
Maintain access to the environment to survive reboots or cleanup attempts
Social engineering, exploits, infostealers, remote access tools and physical entry
Compromise additional accounts, lateral movement, expand to more systems
Highly advanced adversarial simulation attempting to gain access to an organisation through cyber and physical intrusion
Penetration testing of specific systems and applications for known and non-disclosed configuration weaknesses and vulnerabilities
Penetration testing of web applications against OWASP using manual review and automated tooling to identify vulnerabilities
Penetration testing of APIs to detect weaknesses that could disclose data or compromise integrity of systems and databases
Periodic scanning of internal and Internet facing systems to detect vulnerabilities and configuration issues
Purposely staged disruption of the network to assess response procedures
Review of firewall rule sets to identify any anomalies, vulnerabilities or compliance issues
Review to confirm that systems and environments are segregated from each other for security and compliance
Review of operating system gold images to ensure they are hardened in accordance with best practices
ThreatSpike Red provides unlimited offensive security testing at a fixed price based on the size of your organisation.
Unlimited penetration tests and red team exercises
Internal, external and web application testing
Engagements led by certified specialists
Detailed finding reports
Manual and automated testing
PCI-DSS and Cyber Essentials testing
Vulnerability scanning
Monthly account meeting
If you have questions which are not featured here, then please drop us an email at info@threatspike.com.
Yes, this service provides unlimited penetration testing, meaning you can use it to test all your infrastructure and applications. This allows you to identify your security weaknesses before a hacker does and supports you in achieving compliance with PCI-DSS, ISO 27001 and SOC 2.
A red team exercise is where we test your organisation as a whole, pretending to be a hacker and using any means we can to get in and cause damage. A big part of red team exercises is spear phishing, where we carefully select and target your staff, coercing them via email, telephone or in-person, to click on simulated malware. This gives us access to a machine in the company. From there we see if we can move internally in the network and get access to sensitive data.
Our talented offensive testing team delivers the service using a combination of automated tooling and manual analysis. Our team is comprised of computer science graduates who have been through our intense training academy and shadowed experienced testers on real-life engagements.
Pentesting companies traditionally charge $2000+ per day, forcing customers to de-scope and keep engagements short in order to avoid high costs. At the same time, these companies keep their testers highly utilised, which impedes learning and research. Pentesters also regularly run off-the-shelf vulnerability scanners, which limits findings. By comparison, we offer testing on a continuous basis, which provides customers with maximum visibility. We use industry standard and in-house developed tools and encourage our staff to undertake regular training, carry out research and apply creativity to each engagement.