Continuous Testing
Modern pen tests often produce such a high volume of results that the information becomes unmanageable for large organisations. The CNS Continuous Testing Service works by first establishing a base line by conducting a full manual penetration test. The network is then monitored for changes, at a rate determined by the client (daily, weekly, monthly etc.). Any changes are then manually tested and the results updated. The client can also request retests or new tests on demand, to validate fixes or changes. As well as monitoring for change, the system is intelligent enough to monitor existing results for new vulnerabilities that then require re-testing (e.g. if a new vulnerability comes out in the version of an OS).
At any stage the client can generate formal reports, XML files (for import into ticketing systems or other risk systems), CSV files for excel and a selection of other formats. The client can choose to report on all hosts or just a subset. At all stages the client is in full control. This offers the client the best parts of both automated and manual testing, producing a continuous and long term, technical risk identification and management system.