NetSPI is an enterprise security testing and attack surface management provider that partners with nine of the top 10 U.S. banks, three of the world’s five largest healthcare companies, the largest global cloud providers and many of the Fortune 500. The company offers Penetration Testing as a Service (PTaaS) through its Resolve platform, powered by experts that perform manual penetration testing of application, network, and cloud attack surfaces, testing over 1 million assets to find 4 million unique vulnerabilities.
The company has experienced success in North America as well as in Europe, Middle East and Africa (EMEA). We sat down with NetSPI’s newly appointed Managing Director of EMEA, Steve Bakewell, to learn more about the power of PTaaS, the security implications of hybrid work and what’s next for NetSPI in EMEA.
What is Penetration Testing as a Service (PTaaS)?
Businesses are always-on, and as security should enable the business, it needs to be aligned. PTaaS is the model NetSPI has chosen to deliver our portfolio of penetration testing services in an iterative and programmatic manner. Powered through NetSPI’s Resolve platform, customers can orchestrate and manage their penetration testing program at a cadence that suits their operational tempo. Whether it’s scoping and prioritizing tests, communicating directly with NetSPI’s expert team of penetration testers, accessing real-time results during the test or integrating with service management and GRC tooling to get the right data in front of the right people for faster decision-making, PTaaS enables customers to mature their security testing program and move towards continuous security improvement.
Why is penetration testing so critical in the current era of hybrid work?
I’ve just come from that world in my previous role and saw the impact the pandemic had on remote working. Overall, the pandemic and hybrid working enforced a level of change in such a short period of time, forcing businesses to find ways to continue operating efficiently and effectively. However, hybrid working increases risks both on the client side, as remote workers create new entry points to the corporate network, particularly where they use non-corporate devices, and on the server side, where we’re seeing a substantial increase in the attack surface, including the increased take-up of cloud services. From a security testing perspective, there is a substantial amount of ground to cover, from network to cloud, as well as Attack Surface Management (ASM). Penetration testing, managed through a platform like Resolve, provides a way to help organizations reduce the risks of hybrid working by enabling an increased level of testing in a frictionless way.
What is your top tip for organizations looking to improve their cybersecurity efforts?
Take a risk-based approach appropriate to the business environment you are working to support. When you have implemented controls to mitigate risks, a key component of your security strategy should be to test them regularly and iteratively. The reason, of course, is change. Threats change, technology changes and even the regulatory environment changes. Change is good as it can drive the business forward, but conversely, change introduces risk, and this is something we need to manage on an ongoing basis. Having up-to-date evidence from your security testing program not only validates that your risk assessments are correct but confirms your controls are effective against the latest attack techniques used by attack groups as well as malware and ransomware strains. These data points are extremely valuable in assessing your overall security posture.
NetSPI is widely known in North America, and is gaining traction in EMEA. Can you tell us more about NetSPI’s expansion into EMEA?
NetSPI works with many global Fortune 500 companies, major commercial banks as well as the defense industry in EMEA. Our team has experienced a record increase in demand from EMEA organizations looking to improve their security testing programs with a company that can offer a wide set of offensive security services underpinned by innovative technology. So, I’ve recently joined the NetSPI team alongside my colleagues, Steve Armstrong and Eric Graves, to continue fueling growth in the region.
On a personal level, while the penetration testing industry is highly competitive, I feel NetSPI has the right pedigree and offers the right mix of automation alongside our world-class penetration testers. This has allowed NetSPI to build an amazing customer roster and open itself up to an immense opportunity to serve EMEA with the best offensive security offering on the market.