Table of Contents
- Summary
- Market Categories and Deployment Types
- Key Criteria Comparison
- GigaOm Radar
- Vendor Insights
- Analyst’s Take
- Methodology
- About Chris Ray
- About GigaOm
- Copyright
1. Summary
Penetration testing has long been a technique used by organizations to find vulnerabilities in their systems and applications, enabling them to improve practical security outcomes, satisfy customer requests for third-party attestation, support M&A due diligence activity, and meet regulatory requirements. The value derived from penetration testing is significant, illuminating previously unknown weaknesses and granting security teams the ability to shore up defenses.
There are challenges with a legacy penetration testing (“pen test”) approach, however. Legacy pen tests often leverage the expertise of just one or two penetration testers (“pen testers”), which can limit the type or overall quality of the pen test. Because of the limited pool of pen testers found at most legacy pen testing service providers, scheduling can often require weeks or months of lead time. Moreover, it can be several weeks before the report containing all of the findings from the pen test is ready for delivery.
Penetration testing as a service (PTaaS) builds on the efficacy of penetration testing methods and adds modern SaaS-like features, such as an interface that clients access to review centralized findings—vulnerabilities that have been exploited, potentially in real time, direct communications with pen testers, standardized testing methods, and integrations with other technologies.
While pen testing is quite mature, the PTaaS space is young. For this reason, the definition of PTaaS—and PTaaS solutions—will likely evolve over the next few years as the space matures.
This GigaOm Radar report highlights the various PTaaS vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating PTaaS Solutions,” we describe in more detail the key features and metrics that are used to evaluate vendors in this market.
How to Read this Report
This GigaOm report is one of a series of documents that helps IT organizations assess competing solutions in the context of well-defined features and criteria. For a fuller understanding, consider reviewing the following reports:
Key Criteria report: A detailed market sector analysis that assesses the impact that key product features and criteria have on top-line solution characteristics—such as scalability, performance, and TCO—that drive purchase decisions.
GigaOm Radar report: A forward-looking analysis that plots the relative value and progression of vendor solutions along multiple axes based on strategy and execution. The Radar report includes a breakdown of each vendor’s offering in the sector.
Solution Profile: An in-depth vendor analysis that builds on the framework developed in the Key Criteria and Radar reports to assess a company’s engagement within a technology sector. This analysis includes forward-looking guidance around both strategy and product.