Managed Security Testing


GTIS Managed Security Testing reveals your vulnerabilities and alerts you to the consequences of exploitation. Data security teams need to know what they’re protecting and what they’re protecting it from to make good risk management decisions and technology investments. Security testing helps businesses identify their network-connected assets, learn how those assets are vulnerable to attack, and understand what could happen if those assets were compromised.

Businesses use GTIS Managed Security Testing as a single platform for all of their managed vulnerability assessment, database security testing, network penetration testing, and application penetration testing needs.


The right security test at the right time through one vendor without the hassle.

Managed Security Testing from GTIS SpiderLabs® allows IT and information security teams to take a programmatic approach to vulnerability management through managed vulnerability scanning across databases, networks and applications, as well as, in-depth manual penetration testing of networks and applications.

Now more than ever, businesses realize the need for pro-active security testing, and budgets are increasing as a result. Still, planning for and procuring security testing presents a number of challenges:

  • Anticipating future testing needs
  • Conducting testing in a timely manner
  • Making testing an efficient, business-as-usual initiative rather than an obstacle
  • Getting high quality testing across multiple asset types
  • Standardizing repeatable testing/reporting across asset types
  • Fulfilling compliance requirements
  • Effectively managing multiple tests, and re-testing, over the course of the year


Keep pace with business demands

Data security leaders know that if security is an obstacle, the business will find ways around it. GTIS’s 2014 Security Pressures Report states that four out of five IT professionals report being pressured to roll out IT projects despite security concerns. Adapt quickly to change and keep up with business demands without leaving security considerations behind. Managed Security Testing’s flex-spend model allows you to earmark budget for testing, and then consume testing funds at a moment’s notice.

Make budget planning easier and operationalize testing costs

Many IT security professionals know that they will need security testing throughout the year, but not exactly how much. Managed Security Testing’s pre-scoped scans and tests, cost transparency and flex-spend consumption model make planning easier and more precise. You define your security budget and then allocate it as you see fit. With quarterly payments, penetration testing becomes a predictable operating expense that can be built into your budgets.

Get testing right when you need it, minus the hassle

Avoid lengthy negotiations and contracts held up in legal with Managed Security Testing’s flex-spend model. Enroll a target in testing in minutes and schedule a test with just two weeks’ lead time in fewer than five clicks.

Re-test and validate fixes at no extra cost

Maintenance tests included with any penetration test will re-evaluate findings, wherever possible, to provide evidence of remediation and mitigation actions and support fulfillment of compliance requirements.

Standardize scalable, repeatable scanning and testing

You’ll know exactly what to expect from Managed Security Testing across your databases, networks and applications with clear pricing and pre-defined scoping. Consolidate management and reporting with a single pain of glass, rather than juggling multiple inconsistent report formats and tracking spreadsheets.

Establish or maintain compliance

Standards, such as the PCI DSS, require vulnerability scanning and penetration testing of in-scope network environments and applications. Managed Security Testing helps fulfill PCI DSS requirements, such as 6.6 and 11.3, and provides ongoing evaluation of the security of your networks or applications to support HIPAA, Sarbanes-Oxley (SOX), FISMA and GLBA/FFIEC compliance efforts.

How It Works

  • You identify your testing budget and allocate it as you see fit. Your account balance depletes with each database, network or application you enroll, and you can refill your account at any time.
  • An initial balance is credited to your account
  • You enroll a database, network or application target and choose the level of testing
  • Your account balance is debited according to predefined pricing
  • You schedule your tests for the enrolled network or application
  • A SpiderLabs expert conducts the test
  • Dynamic reporting is made available in the portal
  • You view and manage reporting within the portal
  • If desired, you then schedule maintenance testing to re-evaluate findings where possible

Attack Sequences

Illustrates how multiple vulnerabilities can be linked to execute a successful attack.

Detailed Findings

Discover vulnerability evidence, images and videos. Slideshow walkthroughs quickly explain vulnerabilities to key team members.

Real-Time Notifications

Stay on top of the latest changes in test status with instant email alerts.

Online Reporting and Metrics

Take advantage of multiple views of risk, remediation status, compromised data and status, across projects or tests. Historical views of test results allow for trend analysis and insight into your organization’s security posture over time. Review personalized reports by risk, finding status, projects, custom fields, individual tests, and test types, and export in multiple formats including: PDF, Excel, XML, CSV and HTML.

Centralized Dashboard

Drills down to at-a-glance views of project, test status and vulnerability findings.

Fresh Results

Verify security fixes have been correctly implemented with maintenance tests that re-evaluate any findings uncovered in prior tests where possible.

Document Locker

Delivers secure file storage for the safe exchange of test notes, documents and other files.