2 April, 2024 – NetSPI, the proactive security solution, has announced its achievement of CBEST accreditation, marking a significant milestone in its commitment to delivering high-value penetration testing and red teaming services. CBEST, set by the Bank of England, represents one of the most rigorous security standards in the financial services industry. NetSPI’s accreditation places it among the top echelons of security testing organisations across the globe. 

To obtain CBEST accreditation, organisations must undergo a series of intensive evaluations, including  proven capability in delivering red teaming exercises that simulate real-world cyber attacks for the world’s leading financial institutions. NetSPI’s success in this accreditation underscores its dedication to maintaining the highest standards of security testing and validation. 

“Securing CBEST accreditation is a testament to NetSPI’s unwavering commitment to excellence in cybersecurity,” says Nick Walker, Regional Leader of EMEA at NetSPI.  “CBEST accreditation is not just a badge of honour; our team has demonstrated exceptional skill, expertise, and professionalism throughout this rigorous process, reinforcing our position as a trusted partner for organisations seeking to safeguard their critical assets proactively,” 

“From conducting mainframe testing, which is rare yet vital for financial organisations, to addressing supply chain vulnerabilities, NetSPI’s comprehensive approach to cybersecurity ensures that financial institutions – and their customers, partners, suppliers and the whole ecosystem – are equipped to navigate the evolving threat landscape with resilience and confidence,” says Giles Inkson, Director of Services EMEA at NetSPI. 

NetSPI’s accreditation further strengthens its position as a preferred security partner for the world’s most trusted brands, including top international banks, leading cloud providers, healthcare companies, and Fortune 500 organisations. With a unique blend of dedicated security experts, intelligent processes, and advanced technology, NetSPI empowers businesses to proactively discover, prioritise, and remediate security vulnerabilities, ensuring they can operate with confidence in an increasingly complex threat landscape. 

The accreditation puts NetSPI in good stead, as many other countries and industries have adopted similar approaches based on CBEST’s principles, such as the CSP (SWIFT’s Customer Security Programme). Additionally, NetSPI is already TIBER framework (Threat Intelligence-Based Ethical Red Teaming) and DORA framework (Detection of Operational Risks and Assets) ready, demonstrating NetSPI’s alignment with global cybersecurity standards and best practices. 

Genuine cyber resilience requires a comprehensive and ongoing commitment from organisations and is being reinforced by regulators to promote operational resilience of the financial market infrastructure. Firms that have taken part in the latest CBEST cycle will have the necessary robust remediation plans in place to address cyber resilience issues.

About NetSPI 

NetSPI is the proactive security solution used to discover, prioritise, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most. 

Leveraging a unique combination of dedicated security experts, intelligent process, and advanced technology, NetSPI helps security teams take a proactive approach to cybersecurity with more clarity, speed, and scale than ever before.

NetSPI goes beyond the noise to deliver high impact results and recommendations based on business needs, so customers can protect their priorities, perform better, and innovate with confidence. In other words, NetSPI goes beyond for its customers, so they can go beyond for theirs.

NetSPI secures the most trusted brands on Earth, including nine of the top 10 U.S. banks, four of the top five leading cloud providers, four of the five largest healthcare companies, three FAANG companies, seven of the top 10 U.S. retailers & e-commerce companies, and many of the Fortune 500.

NetSPI is headquartered in Minneapolis, MN, with offices across the U.S., Canada, the UK, and India. Follow NetSPI on LinkedIn and X.

The post NetSPI Achieves Prestigious CBEST Accreditation, Solidifying Its Position as a Trusted Leader in Financial Services Security Testing appeared first on NetSPI.

+++

Breach and Attack Simulations (BAS) solutions assess the effectiveness of an organization’s security posture, by mimicking real-world cyber-attack techniques. This highlights vulnerabilities that can be found within an organization, enabling them to be addressed and mitigated before a real attack can take place. The best Breach and Attack Simulation solutions can simulate cutting edge cyber-attack methodologies to provide a comprehensive report into the resilience of your cybersecurity strategy.

Breach and Attack simulations solutions typically operate in three stages. First, simulation and testing, which can involve red teaming, penetration testing and vulnerability scanning, often leveraging the MITRE ATT&CK framework -a global database of cyber-criminal tactics and techniques. Second, reporting and evolution, which involves detailed insights and actionable recommendations for improving network security strategies. Finally, implementation and ongoing evolution, where recommendations are implementing, and continuous evaluations take place to mitigate any other vulnerabilities which may arise.

There are many benefits to implementing a robust Breach and Attack Simulation solution. The recommendations they can provide to improve your security strategy can massively reduce your risk of data compromise, which can be extremely expensive and hugely damaging to brand reputation. BAS tools can also be important to qualify for cyber-insurance policies, and to meet compliance criteria.

For these reasons, there has been increased demand for BAS and the market has become competitive. To help you find the right tool, we have curated a list of the top 10 Breach and Attack Simulation solutions. This guide delves into their key features, such as threat emulation, reporting granularity, and ease of integration, all based on our comprehensive market research.

NetSPI Breach and Attack Simulation

NetSPI provide a broad spectrum of penetration testing, attack surface management, and breach and attack simulation services. Their approach blends technological advancements with the expertise of global cybersecurity professionals. The company’s main office is in Minneapolis, MN, but they have a global presence with offices in the U.S., Canada, the UK, and India.

NetSPI offers a comprehensive detective control platform that allows organizations to design and execute tailored procedures. This platform, complemented by their professional pen-testers, emulates genuine attack behaviors, thereby rigorously testing detective controls. Their services help organizations fortify their defenses against threats like ransomware, data loss, fraud, and information leaks. They meticulously validate various controls such as endpoint, network, and Active Directory controls, among others. They also pinpoint detection shortcomings, from disabled or misconfigured controls to gaps in the kill chain.

Results come with comprehensive descriptions, actionable recommendations, and resource links, allowing easy comprehension and replication. Their real-time dashboards help businesses gauge their security stance, benchmark against peers, and discern their security ROI. NetSPI’s platform, combined with their expert teams and tested methodologies, equips organizations to enhance their resilience against potential threats, fostering informed decision-making and bolstering defense mechanisms.

You can read the full article at https://expertinsights.com/insights/top-10-breach-and-attack-simulation-solutions/!

The post Expert Insights: Top 9 Breach And Attack Simulation Solutions appeared first on NetSPI.

Minneapolis, Minnesota – March 19, 2024 – NetSPI, the proactive security solution, today announced that it has been named a top workplace in the U.S. by Energage, a leading provider of technology-based employee engagement tools. Winners are selected based on an anonymous third-party employee survey that measures several aspects of workplace culture, including alignment, execution, and connection.  

“Culture is something we take very seriously at NetSPI. To be recognized by Energage for a third consecutive year is a true testament to our people and their dedication not only to innovation and customers, but our workplace overall,” said Aaron Shilts, CEO of NetSPI. “Organizations are challenged to do more with less, especially when it comes to cybersecurity – creating an increased need for technology that is proactive, efficient, and effective. Our team quickly rose to the occasion, helping NetSPI customers identify more than 17,000 critical issues in the last year alone, while bolstering their overall security posture.” 

This recognition comes on the heels of NetSPI achieving 42% organic growth and increasing its internal headcount by 26% in 2023. Prompted by continuous hiring and the need for an office that fosters collaboration and innovation, NetSPI also moved its headquarters to The Steelman Exchange building in North Loop, Minneapolis.  

“Culture is vital to long-term success, and what we’ve built over the last few years is worth celebrating,” said Heather Crosley, Vice President of People Operations at NetSPI. “As we scale, our employees continue to see value in our organization’s execution and ability to openly share their creative ideas in a collaborative, inclusive environment.” 

Top Workplaces USA celebrates organizations with 150 or more employees that have built great cultures. While more than 42,000 organizations were invited to participate, only 1,100 organizations have been honored with the award this year. 

For more information about NetSPI, please visit www.netspi.com.

About NetSPI 

NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most to them. Leveraging a unique combination of advanced technology, intelligent process, and dedicated consultants, NetSPI helps security teams take a proactive approach to cybersecurity with more clarity, speed, and scale than ever before. 

NetSPI goes beyond the noise to deliver high impact results and recommendations based on business needs, so customers can protect their priorities, perform better, and innovate with confidence. 

NetSPI secures the most trusted brands on Earth, including nine of the top 10 U.S. banks, four of the top five leading cloud providers, four of the five largest healthcare companies, three FAANG companies, seven of the top 10 U.S. retailers & e-commerce companies, and many of the Fortune 500.  

NetSPI is headquartered in Minneapolis, MN, with offices across the U.S., Canada, the UK, and India. Follow NetSPI on Facebook, X, and LinkedIn. 

About Energage

Making the world a better place to work together.^TM 

Energage is a purpose-driven company that helps organizations turn employee feedback into useful business intelligence and credible employer recognition through Top Workplaces. Built on 14 years of culture research and the results from 23 million employees surveyed across more than 70, 000 organizations, Energage delivers the most accurate competitive benchmark available. With access to a unique combination of patented analytic tools and expert guidance,Energage customers lead the competition with an engaged workforce and an opportunity to gain recognition for their people-first approach to culture. For more information or to nominate your organization, visit Energage or Workplaces. 

NetSPI Media Contacts: 

Tori Norris, NetSPI
victoria.norris@netspi.com
(630) 258-0277 

Jessica Bettencourt, Inkhouse for NetSPI 
netspi@inkhouse.com  
(774) 451-5142 

The post NetSPI Recognized as a Top USA Workplace for 2024 appeared first on NetSPI.

Minneapolis, Minnesota – March 13, 2024 – NetSPI, the proactive security solution, announced it has been named a Leader and Fast Mover in the 2024 GigaOm Radar Report for Attack Surface Management (ASM). NetSPI’s ASM solution received exceptional ratings for its asset discovery, vulnerability assessment, and ability to offer granular findings and comprehensive results that go above and beyond for its customers. 

The digital landscape is continuously evolving resulting in a rapidly expanding attack surface. It has never been more critical for businesses to have visibility into their exposures, making ASM solutions necessary to mitigate risks and proactively improve security posture. The GigaOm report examines 22 of the top ASM vendors and compares their offerings against capabilities (table stakes, key features, and emerging features) and non-functional requirements (business criteria) to help decision-makers determine the solutions that best meet their needs.

“As the attack surface continues to expand, our ability to discover, prioritize, and remediate security vulnerabilities and exposures of the highest importance allows our customers to protect what matters most to them and their customers,” said Vinay Anand, Chief Product Officer at NetSPI. “GigaOm’s recognition of NetSPI as a Leader in this year’s ASM Radar Report validates our proactive approach to cybersecurity and further supports our commitment to developing solutions that are powered by innovative technology and triaged by our security experts.” 

The report states, “NetSPI stands out for its sophisticated approach to asset discovery and vulnerability assessment” and reinforces its “commitment to innovation with its comprehensive and sophisticated approach to ASM.” Additionally, NetSPI’s unique blend of technology and its security experts were highlighted as a key advantage in accurate risk assessment. The analysts write, “The platform’s active assessment of vulnerabilities is bolstered by powerful automations, complemented by the human creativity of consultants, resulting in a nuanced identification of true risk.” 

Learn more about NetSPI’s ranking in the GigaOm Radar Report here, or schedule a demo to see NetSPI ASM in action today. 

About NetSPI

NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most to them. Leveraging a unique combination of advanced technology, intelligent process, and dedicated consultants, NetSPI helps security teams take a proactive approach to cybersecurity with more clarity, speed, and scale than ever before. 

NetSPI goes beyond the noise to deliver high impact results and recommendations based on business needs, so customers can protect their priorities, perform better, and innovate with confidence. In other words, NetSPI goes beyond for its customers, so they can go beyond for theirs. 

NetSPI secures the most trusted brands on Earth, including nine of the top 10 U.S. banks, four of the top five leading cloud providers, four of the five largest healthcare companies, three FAANG companies, seven of the top 10 U.S. retailers & e-commerce companies, and many of the Fortune 500.  

NetSPI is headquartered in Minneapolis, MN, with offices across the U.S., Canada, the UK, and India. Follow NetSPI on Facebook, X, and LinkedIn.

Media Contacts:  
Tori Norris, NetSPI 
victoria.norris@netspi.com 
(630) 258-0277 

Jessica Bettencourt, Inkhouse for NetSPI 
netspi@inkhouse.com 
(774) 451-5142 

The post NetSPI Named a Leader in 2024 GigaOm Radar Report for Attack Surface Management  appeared first on NetSPI.

• What is External Attack Surface Management?
• Beyond Asset Discovery: How External Attack Surface Management
  Prioritizes Vulnerability Remediation
  • Why Asset Discovery Isn’t Enough
  • Using an EASM Platform for Prioritized Vulnerability Remediation
• The Role of EASM in Continuous Threat Exposure Management (CTEM)
  • According to Gartner, there are 5 Phases of Continuous Threat
    Exposure Management
  • External Attack Surface Management Supports Scoping,
    Discovery, and Prioritization
• How External Asset Surface Management Relates to Penetration Testing
• Manage Your Growing Attack Surface with NetSPI ASM

External Attack Surface Management (EASM) accelerated to the frontline of proactive security — and for good reason. The technology creates a comprehensive view of a company’s external assets by mapping the internet-facing attack surface to provide better insight into changes and where to focus the attention of security teams. Gartner wrote a report that explains EASM in-depth, including why asset discovery is the tip of the EASM iceberg, and how EASM support Continuous Threat Exposure Management.¹ 

What is External Attack Surface Management? 

External Attack Surface Management provides an outside-in view across a company’s attack surface to reveal assets and potential exposures. Focusing on external attack surfaces brings the greatest security value to organizations because of the sprawling growth of external attack surfaces. In fact, 67% of organizations have seen their attack surfaces expand in the last two years.² 

EASM is useful in identifying unknown assets and providing information about the organization’s systems, cloud services and applications that are available and visible in the public domain and therefore could be exploited by an adversary. 

According to Gartner, “Common EASM capabilities include:  

• Performing external asset discovery of a variety of environments (on-premises and cloud).  
• Continuously discovering public-facing assets as soon as they surface on the internet and attribute those assets to the organization (commonly using proprietary algorithms) for a real-time inventory of assets. Examples of public-facing assets are IP, domains, certificates and services.  
• Evaluating if the assets discovered are risky and/or behaving anomalously to prioritize mitigation/remediation actions.” 

Beyond Asset Discovery: How External Attack Surface Management Prioritizes Vulnerability Remediation 

Given the inevitable sprawl of attack surfaces, many companies are embracing External Attack Surface Management solutions to discover their full scope of assets and prioritize critical remediations. 

Asset discovery is an important capability to have, and one that’s helping to drive the adoption of external attack surface management. That said, asset discovery is only one aspect of effective EASM.  

Why Asset Discovery Isn’t Enough 

While asset discovery is an important and complex step, by itself, it’s not a comprehensive measure to advance security posture. 

According to the Gartner report: 

“In order to be more actionable, EASM needs to support data integration and deduplication of findings across systems, automation of assigning the asset/issues to the owner of the remediation process and tighter integration with third party systems. These include ticketing systems, security information and event management (SIEM), security orchestration, automation and response (SOAR), configuration management database (CMDB), and vulnerability assessment tools. Some EASM provides remediation steps and guidance on prioritized issues, a dashboard to track the remediation progress, or the creation of playbooks.” 

For attack surface management to effectively improve an organization’s offensive security program, it must incorporate vulnerability prioritization and remediation tracking as well, such as with NetSPI ASM. 

See what NetSPI ASM can do for your security by watching an on-demand demo of NetSPI’s solution.

Using an EASM Platform for Prioritized Vulnerability Remediation 

Taking a penetration testing engagement from start to finish requires many phases, including steps for remediation. Tests often result in a lengthy list of vulnerabilities that are ranked by severity. At NetSPI, our differentiator is the people behind our platform. Our human team of proactive security agents has deep cross-domain experience with manual analysis of vulnerability findings to validate their potential risk to a business. This context limits false positives, reducing noise and helping security teams respond more effectively. 

Automation is a vital capability, both for asset discovery and vulnerability remediation. But when human-driven noise reduction is involved, it creates the strongest attack surface possible. 

The Role of EASM in Continuous Threat Exposure Management (CTEM)

Gartner states:  

“CTEM is defined as a set of processes and capabilities that allows enterprises to continually and consistently evaluate the accessibility, exposure and exploitability of an enterprise’s digital and physical assets. It is composed of phases — scoping, discovery, prioritization, validation and mobilization — and underpinned by a set of technologies and capabilities, of which EASM is one. CTEM is different from risk-based vulnerability management (RBVM) in that the latter is an evolution of traditional vulnerability management, while CTEM is the wider process around operating and governing overall exposure. It includes solving the identified vulnerabilities as well as optimizing processes in the future so that the vulnerabilities do not resurface. 

EASM is foundational to CTEM for two reasons. First, it provides continuous and improved visibility into assets that organizations have less control over, such as SaaS applications and data held by supply chain partners and suppliers. Second, it assesses and prioritizes resources in mitigating/remediating issues that attackers are most likely to exploit and therefore benefits organizations during the first three phases of CTEM: scoping, discovery and prioritization.”

According to Gartner, there are 5 Phases of Continuous Threat Exposure Management: 

1. Scoping 
2. Discovery 
3. Prioritization 
4. Validation 
5. Mobilization 

External Attack Surface Management Supports Scoping, Discovery, and Prioritization 

External Attack Surface Management assists in the first three phases of CTEM: scoping, discovery, and prioritization by supporting businesses through the inventory of known digital assets, continuous discovery of unknown assets, and human intelligence to prioritize severe exposures for timely remediation.  

Let’s look deeper at the first three phases in CTEM: 

• Scoping: Identifies known and unknown exposures by mapping an organization’s attack surface. 
• Discovery: Uncovers misconfigurations or vulnerabilities within the attack surface. 
• Prioritization: Evaluates the likelihood of an exposure being exploited. NetSPI ASM combines technology innovation with human ingenuity to verify alerts and add the necessary context to prioritize remediation efforts. 

In some cases, such as with NetSPI, proactive security companies take this a step further by also performing penetration testing on the identified vulnerabilities to validate they are vulnerable and to prove exploitation.

How External Asset Surface Management Relates to Penetration Testing 

The Gartner report explains: 

“EASM can complement penetration testing during the information gathering phase about the target (finding exploitable points of entry). The convergence between penetration testing and EASM will become more prominent as automated penetration testing solutions continue to emerge. 

Most penetration testing performed today is human-driven, outsourced and conducted annually (making it a point-in-time view), which is why the automated penetration testing market has emerged. Although automated penetration testing is an emerging market on its own, some vendors have already added EASM and vice versa. This is because vendors that started in the automated penetration testing market were initially only doing automated network penetration testing and not external testing. Technologies such as EASM, DRPS, BAS and automated penetration testing can collectively provide organizations with a realistic view of the full attack surface within their environment. This lets organizations test what they can or cannot prevent and detect, as well as determine how they would respond in the event of an attack. Therefore, the convergence of these technologies can better support organizations in their CTEM program.”

Manage Your Growing Attack Surface with NetSPI ASM 

NetSPI is recognized as a Sample Vendor in the Security Testing category offering EASM. We believe NetSPI Attack Surface Management solution combines cutting-edge technology with extensive proactive security expertise to provide the richest insight into the attack surface. Our team and tools empower security staff to protect an ever-expanding number of assets and address vulnerabilities with prioritized remediation actions. By making the external attack surface as difficult to penetrate as possible, companies prevent more attacks before they even start, further improving the effectiveness of security teams. 

Ready to bring proactive insights to your attack surface? Learn more about advancing your security program by talking with our team.

Gartner Objectivity Disclaimer

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. 

The post NetSPI’s View on the 2023 Gartner® Competitive Landscape: External Attack Surface Management Report  appeared first on NetSPI.

Minneapolis, MN – February 14, 2024 – NetSPI, the proactive security solution, today welcomes Jim Pickering as EVP of Global Sales to further scale its sales team and accelerate the company’s product growth. NetSPI saw exponential growth in product sales in 2023 and is well poised to exceed its strategic growth goals moving forward. 

Jim has decades of experience building and leading enterprise sales teams in the cybersecurity industry. As a global business leader, he has earned an impressive track record for leading several companies through acquisitions, IPO, and funding rounds, including Swimlane, Infoblox, Fortinet, Netscreen/Juniper, Verisign, and Savvis. At these companies, Jim catapulted ARR and achieved double- and triple-digit annual revenue growth. 

“NetSPI exists to secure the most trusted brands on Earth. With Jim spearheading go-to-market efforts, we have an opportunity to make an even greater impact by delivering our proven proactive security solutions to more organizations across the globe.” shared Alex Jones, Chief Revenue Officer at NetSPI. “Jim has already embraced our customer-first mindset, and we cannot wait to see the impact he will make on our sales team.” 

“NetSPI is an absolute unicorn. The fact that the team was able to grow revenue 42% and win over 400 new logos in 2023’s down economy is beyond impressive,” said Jim. “But what truly compelled me to join NetSPI is the strong culture and its commitment to deliver real solutions to real problems in the industry. Proactive security products that help defend today’s enterprises are paramount for the future.” 

Connect with Jim on LinkedIn. Learn more about NetSPI’s achievements and momentum in its latest press release, NetSPI Achieves 42% Growth in 2023, Increasing Efficiency and Effectiveness of Customer Security Programs.  

About NetSPI 

NetSPI is the proactive security solution used to identify, protect, detect, and respond to security vulnerabilities of the highest importance, so businesses can protect what matters most. Leveraging a unique combination of advanced technology, intelligent process, and dedicated security experts, NetSPI helps security teams take a proactive approach to cybersecurity with more clarity, speed, and scale than ever before.  

NetSPI goes beyond the noise to deliver high impact results and recommendations based on business needs, so customers can protect their priorities, perform better, and innovate with confidence. In other words, NetSPI goes beyond for its customers, so they can go beyond for theirs.  

NetSPI secures the most trusted brands on Earth, including nine of the top 10 U.S. banks, four of the top five leading cloud providers, four of the five largest healthcare companies, three FAANG companies, seven of the top 10 U.S. retailers & e-commerce companies, and many of the Fortune 500.   

NetSPI is headquartered in Minneapolis, MN, with offices across the U.S., Canada, the UK, and India. Follow NetSPI on LinkedIn and X.

The post NetSPI Hires EVP of Global Sales to Support Demand for its Proactive Security Solutions appeared first on NetSPI.

Read on for the highlights or watch the webinar for the full conversation.

What is Proactive Security?  

Tim explains that in terms of proactive security, the approach involves considering the continuity beyond isolated engagements, such as performing an external penetration test. Given that a penetration testing engagement typically lasts for a few days to a couple weeks, the question arises: What measures are in place during the remaining 50 weeks of the year?  

With your attack surface expanding and the perimeter continually evolving, your security controls face relentless scrutiny. Gaining insight into external-facing assets, vulnerabilities, and exposures presents a noisy and time-consuming challenge for security teams. Furthermore, even upon identifying validated vulnerabilities, ensuring that your security stack effectively detects and mitigates them poses another hurdle.

External pentesters have a knack for identifying anomalies that might otherwise go unnoticed. Seizing such opportunities becomes pivotal, as these anomalies could potentially lead to breaches. Therefore, the focus with proactive security lies in outpacing cyber threats. The relentless nature of SOC work underscores the need for constant vigilance. The objective is to streamline this mindset, ensuring that critical issues are promptly addressed to optimize efficiency and minimize time waste. 

You may find yourself considering these common questions about your organization’s security stance:  

1. Where are my vulnerabilities?  
2. Can I maintain continuous awareness of them?  
3. What aspects can I monitor effectively, and is my team equipped to respond promptly?  

These are key questions to surface internally to help define a path forward toward proactive security.

Watch the Q&A on Proactive Security 

Watch the full webinar with Aaron and Tim!  

Tim’s impressive background in various security roles, coupled with his extensive experience in hacking diverse systems, adds depth and expertise to the discussion. Take the next step in enhancing your organization’s security posture by contacting NetSPI for a consultation. 

The post Annual Pentest? Done. How Proactive Security Covers the Other 50 Weeks in a Year  appeared first on NetSPI.

Minneapolis, MN – January 31, 2024 – NetSPI, the proactive security solution, today announced another monumental fiscal year, achieving 42% year-over-year growth in 2023. This growth is attributed to the company’s unique ability to integrate its advanced technology, intelligent processes, and dedicated consultants, which together, contextualize the security vulnerabilities that matter most to customers. Powered by these capabilities, NetSPI identified 8,500 vulnerable entry points and more than 17,000 critical issues for its customers in 2023 alone. 

Through continued innovation and dedication to its customers, NetSPI added more than 400 new logos to its roster in 2023, a more than 30% year-over-year increase. The company also increased its internal team by 26%, which included strategically expanding in the Europe, the Middle East, and Africa (EMEA) market. 

“In today’s turbulent market, organizations are being asked to do more with less, and as a result, cybersecurity is often sacrificed. But it doesn’t have to be this way,” said Aaron Shilts, CEO of NetSPI. “Through our proactive security solutions, we’re delivering greater operational efficiency and security program effectiveness to our customers, prioritizing the vulnerabilities that truly impact the business and scaling alongside them. This allows our customers to innovate with confidence and protect the trust they’ve built with their customers.” 

Throughout the year, NetSPI unveiled strategic partnerships and innovations that further cemented the company as a leader in proactive security. Notable milestones include: 

Introducing a First-of-its-Kind AI/ML Penetration Testing Offering 

As artificial intelligence (AI) became more ingrained in business operations over the past year, NetSPI listened to customer needs and launched a first-of-its-kind AI/ML Pentesting solution. It focuses on two core components: Identifying, analyzing, and remediating vulnerabilities on machine learning (ML) systems such as Large Language Models (LLMs), and providing advice and real-world guidance to ensure security is considered from ideation to implementation.  

Launching a Cyber Protection Partnership with Chubb 

NetSPI strategically partnered with Chubb, a leading publicly traded property and casualty insurance company, to strengthen customer cyber-risk profiles via advanced attack surface management and penetration testing solutions. The collaboration provides Chubb customers with peace of mind, enabling them to identify vulnerabilities, security issues, and exposure to risk before it escalates into a claim. 

Embracing the Power of BAS and ASM 

NetSPI’s Breach and Attack Simulation (BAS) and Attack Surface Management (ASM) experienced significant momentum in 2023, with increased customer adoption and continuous development of both solutions. By leveraging insights based on intelligence gathered from thousands of pentests, combined with the company’s deep-rooted understanding of tactics, techniques and procedures (TTPs) used in the wild, NetSPI BAS and ASM are continuously updated, complimenting PTaaS to ensure full proactive security coverage.  

In 2023, the BAS platform was recognized as the “Breach and Attack Simulation Solution of the Year” by the Cybersecurity Breakthrough Awards and as the “Cutting Edge Breach & Attack Simulation” by Cyber Defense Magazine’s Top InfoSec Innovators Awards. These recognitions further prove the value of in-depth detective control validation, as well as the impact continuous testing can have on organization and the industry overall. 

Scaling the NetSPI Partner Program to New Heights 

In 2023, NetSPI achieved a 31% year-over-year increase in partner-sourced revenue and more than doubled the number of partners in its program. To meet the increased interest and nurture existing relationships, NetSPI has added four new channel experts to help lead the Partner Program, including Steve Baral, Vice President of Strategic Alliances and MSSP.  

Moving to New HQ to Accommodate Growth 

Prompted by increasing employee headcount and the need for a more collaborative workplace as the company continues to experience rapid adoption, NetSPI moved its headquarters to the Steelman Exchange building in North Loop, Minneapolis. The larger, dynamic space will support NetSPI’s growth as it enters a momentous year. 

For more information about NetSPI’s proactive security solutions, visit www.netspi.com.   

About NetSPI 

NetSPI is the proactive security solution used to discover, prioritize, and remediate security vulnerabilities of the highest importance, so businesses can protect what matters most to them. Leveraging a unique combination of advanced technology, intelligent process, and dedicated consultants, NetSPI helps security teams take a proactive approach to cybersecurity with more clarity, speed, and scale than ever before. 

NetSPI goes beyond the noise to deliver high impact results and recommendations based on business needs, so customers can protect their priorities, perform better, and innovate with confidence. In other words, NetSPI goes beyond for its customers, so they can go beyond for theirs. 

NetSPI secures the most trusted brands on Earth, including nine of the top 10 U.S. banks, four of the top five leading cloud providers, four of the five largest healthcare companies, three FAANG companies, seven of the top 10 U.S. retailers & e-commerce companies, and many of the Fortune 500.  

NetSPI is headquartered in Minneapolis, MN, with offices across the U.S., Canada, the UK, and India. Follow NetSPI on Facebook, X, and LinkedIn.  

NetSPI Media Contacts:
Tori Norris, NetSPI
victoria.norris@netspi.com
(630) 258-0277

Jessica Bettencourt, Inkhouse for NetSPI
netspi@inkhouse.com
(774) 451-5142

The post NetSPI Achieves 42% Growth in 2023,  Increasing Efficiency and Effectiveness of Customer Security Programs appeared first on NetSPI.

What to Look for When Evaluating External Attack Surface Management Providers  

To simplify the process of evaluating attack surface management vendors, we’ve identified five important criteria to look for when comparing different companies.  

1. Proven Reputation and Third-Party Validation 

Vendors new to the attack surface management space may not have enough experience tailoring their platform for greater business needs. Selecting a tenured vendor with a history in ASM can offer benefits such as streamlined processes, quick access to support teams, and proven methods to improve security. 

Look for attack surface management providers that have received recognition from trusted third parties such as Gartner® or Forrester. Expert analysts at these and other research and advisory firms perform a factual review of information from technology providers to recognize solutions that demonstrate innovation.

As part of this research, Forrester included NetSPI in its External Attack Surface Management Landscape Report featuring top EASM vendors, and Gartner featured NetSPI in its EASM Competitive Landscape Report.

Gartner shared the following about NetSPI in the report:

NetSPI differentiates by combining its ASM capability with its human pentesting expertise. This is achieved via the attack surface operations team, who manually test and validate the exposures found. As a result, it reduces alert fatigue and false positives, while providing customers only the critical and high exposures relative to their organization, as well as the support on how to remediate said exposures.

2. Critical Functionality 

Depending on your business needs and use cases for choosing an ASM platform, some functionalities may be more important than others. 

In The External Attack Surface Management Landscape, Q1 2023, Forrester listed several core functionalities to look for in attack surface management platforms, including:

• External/internet-facing asset discovery 
• Asset identification 
• Asset and business relationship mapping 
• Active and passive vulnerability scanning 
• Open ports and services monitoring 
• URL and IP range tracking 
• Certificate monitoring 
• Exposure/risk prioritization 
• Custom dashboarding and reporting  

3. Screenshots and Software Demos of the Platform  

Trusted attack surface management providers have screenshots of the platform readily available so prospective customers can see what the platform and key functionalities look like firsthand.

In addition to screenshots, having the option to take an ASM platform for a test drive through a guided demo or webinar is an important step before selecting an ASM vendor. This option can enable your team to experience the platform, ask specific questions about capabilities, and better understand feature differentiators between tools.

4. Human Analysis and Guidance  

In addition to advanced functionality, human analysis and expertise is essential to take into consideration when evaluating attack surface management companies. With human analysis, the vendor’s ASM operations team manually reviews and validates findings to reduce false positive alerts and minimize disruptions to business operations as a result. The team also helps by answering any questions that come up related to findings and providing guidance for remediation. 

One challenge businesses often face is that security or IT teams need to hire a dedicated employee to manage an ASM solution on top of investing in the solution itself, which drives up costs including hiring, training, and salary. In fact, our 2023 Offensive Security Vision Report found that one of the greatest barriers to improved offensive security is a lack of resources.  

With a user-friendly ASM platform powered by human expertise, an entire team is available to triage alerts, so you don’t need to add additional responsibilities or headcount to your team.

5. Simple Onboarding  

Some attack surface management companies require time-intensive setup and onboarding, which can take several hours of your team’s time and can push back the timeline of full platform implementation by weeks.

As you consider different ASM platforms, look for one with a streamlined or automated onboarding process, on-demand training materials, a user-friendly design, easy to digest dashboards, and human support as-needed during the onboarding process. Seamless onboarding can help ensure you start off on the right foot with an ASM vendor and accelerate time to value.

Types of Attack Surface Management Vendors 

A few different types of ASM vendors are available:

Human-Based

With this type of ASM vendor, expert human pentesters conduct penetration testing and vulnerability assessments to test the external network, typically on a quarterly basis. 

Pure Technology-Driven

Technology-driven ASM solutions involve tools or scanners that review the full attack surface (aka the assets a business has on the Internet) and use scores to prioritize and remediate impactful findings.  

Hybrid

A hybrid approach involves combining both human intuition and analysis with advanced, automated technology to more effectively identify vulnerabilities and filter prioritized alerts. 

Partnering with a hybrid ASM vendor is the most impactful option because it enables verified prioritization of results to ensure only the most relevant alerts are delivered, resulting in the best ROI on your cybersecurity investment.

Questions to Ask Attack Surface Management Vendors 

To effectively evaluate an ASM solution and select the right partner that aligns with your business requirements, develop a standardized list of questions to ask each vendor before making a decision.

Questions to consider asking include: 

• Do you offer a human-based, technology-driven, or hybrid approach to attack surface management? 
• How often are tests conducted? 
• Do you offer continuous pentesting? If so, how do you approach it? 
• How broad and up-to-date is the data?  
• How soon do new assets appear and get recognized by the ASM tool? 
• Do you support exposure remediation once vulnerabilities are discovered? How? 
• Do I have access to all of my scan data if needed?  
• What does the onboarding process look like? How much time is required of my team?  
• What’s your process for managing and prioritizing alerts? 
• How will you help me understand the most critical assets or vulnerabilities on my attack surface? 
• What are the critical risk factors most likely to impact the business?  
• Who are the potential attackers threatening my business?  
• Which vulnerabilities are the most important to prioritize with remediation?  
• Which exposures are threat actors most likely to exploit? 

Partner with NetSPI for the Most Comprehensive ASM Capabilities  

The right attack surface management provider can help your organization more effectively manage your attack surfaces and quickly identify and remediate vulnerabilities.
If you’re looking for an ASM platform that includes all the criteria listed above – and more – NetSPI has you covered. We created our attack surface management platform based on three essential pillars of ASM—human expertise, always-on, continuous pentesting, and risk prioritization.

Some of the benefits of selecting NetSPI as your attack surface management provider include:  

• Simple setup and onboarding  
• Comprehensive asset discovery  
• Manual triaging of exposures  
• Prioritized alerts 

Learn more about how we can improve your offensive security together by watching a demo of our ASM platform. Also take our free attack surface management tool for a test drive and search more than 800 million public records for potential attack surface exposures.

The post 5 Criteria for Evaluating External Attack Surface Management Vendors appeared first on NetSPI.

+++

Today’s security teams are witnessing a rising number of vulnerabilities, and to make matters worse, the majority of them are going unpatched — leading to critical breaches that cost organizations millions.

Unpatched vulnerabilities account for 60% of all data breaches, and according to the NIST National Vulnerability Database, vulnerability counts have steadily increased year-over-year for the past five years — showing no signs of slowing down.

The main reason for this steady incline is that organizations do not understand the basics of their attack surface. Additionally, too much of the burden has been put on CISOs. This pressure, in combination with the ongoing talent shortage facing the cybersecurity industry, has driven CISOs to say: “I’ll manage the fires when they come up. I can’t do anything to prevent them now.” However, with proper guidance and resources, that statement is simply untrue.

You can read the full article here!

The post SC Media: Three ways enterprises can activate vulnerability prioritization appeared first on NetSPI.