GigaOm Radar for Penetration Testing as a Servicev1.01

1. Summary

Penetration testing has long been a technique used by organizations to find vulnerabilities in their systems and applications, enabling them to improve practical security outcomes, satisfy customer requests for third-party attestation, support M&A due diligence activity, and meet regulatory requirements. The value derived from penetration testing is significant, illuminating previously unknown weaknesses and granting security teams the ability to shore up defenses.

There are challenges with a legacy penetration testing (“pen test”) approach, however. Legacy pen tests often leverage the expertise of just one or two penetration testers (“pen testers”), which can limit the type or overall quality of the pen test. Because of the limited pool of pen testers found at most legacy pen testing service providers, scheduling can often require weeks or months of lead time. Moreover, it can be several weeks before the report containing all of the findings from the pen test is ready for delivery.

Penetration testing as a service (PTaaS) builds on the efficacy of penetration testing methods and adds modern SaaS-like features, such as an interface that clients access to review centralized findings—vulnerabilities that have been exploited, potentially in real time, direct communications with pen testers, standardized testing methods, and integrations with other technologies.

While pen testing is quite mature, the PTaaS space is young. For this reason, the definition of PTaaS—and PTaaS solutions—will likely evolve over the next few years as the space matures.

This GigaOm Radar report highlights the various PTaaS vendors and equips IT decision-makers with the information needed to select the best fit for their business and use case requirements. In the corresponding GigaOm report “Key Criteria for Evaluating PTaaS Solutions,” we describe in more detail the key features and metrics that are used to evaluate vendors in this market.