When we set out to build a PTaaS or continuous pentest offering for Raxis, we had a lot of concerns around reducing quality and the impact that would have on our customers. To resolve this, we took the best parts of our traditional pentesting service and combined them with the best features of both PTaaS and continuous pentesting.
Our PTaaS process begins by establishing the baseline. We start with a traditional penetration test and provide recommendations to improve your security. This is the same full pentest that we perform on your entire scope if you currently use our stand-alone annual pentest. We’ll work closely with you to remediate any findings to ensure your network is protected before starting the monitoring process.
Next, we’ll configure our anomaly detection software to scan your network for changes and emerging threats. We may request that you whitelist our IP addresses to ensure that we are not blocked by our repeated scans. In the event a security risk is uncovered, our anomaly detection software will evaluate the risk for severity and potentially route to a Raxis pentesting engineer that is best matched to the finding. Every finding and the current status of the PTaaS operation is visible at all times within Raxis One.
The incremental pentest stage activates if our anomaly detection engine determines that a risk exists. If it’s a false positive, we will notate that in Raxis One, and you won’t hear from us. In the event that the finding poses a significant threat, we will immediately notify you of the potential threat and then perform a pentest against the specific element to determine credibility. As with our other pentests, this incremental pentest will include a proof of concept with screenshots and remediation recommendations to help you stay secure.
Sometimes you’ll need a pentest done to get a major change approved and released to production. Raxis PTaaS works similar to our competitors in the sense that you can quickly schedule a pentest to be done in just a few days using a pre-defined cost, while retaining the quality of career professional, US based pentesters. In addition, Raxis PTaaS moves as fast as a bug bounty program, without the privacy concerns.