Trustwave Automates Penetration Testing With Cloud Service
Humans come together with automation for Trustwave's new penetration-testing security analysis service.In the security market, penetration testing is a time-honored practice that typically requires a lot of time to organize, schedule and manage. Security vendor Trustwave is now aiming to change the delivery model for penetration testing with a managed security testing service that is provisioned from the cloud, but still includes the use of human intelligence. The managed security testing service enables enterprises to schedule their own tests via the cloud, Trustwave Director Charles Henderson told eWEEK. "Penetration testing has traditionally been a vendor-driven prospect," Henderson said. "In the legacy model, you are consuming the penetration test on the vendor's terms from scheduling all the way on down." The Trustwave approach is about giving enterprises the ability to control and manage the penetration-testing process. Henderson said the testing is comprehensive and blends human intelligence with automated processes. Automated security scanning is nothing new, and the security market is littered with solutions that will scan for vulnerabilities. Henderson argued that the managed security service and true penetration testing are not the same as simple automated security scanning. Business logic flaws are something that the humans that are part of the managed security testing service can find that automated scanning alone cannot.
"Application scanning only looks for programmatic errors," Henderson said. "There are a lot of vulnerabilities that are fundamental flaws that are not driven by a true programmatic error."