Review: ImmuniWeb offers true automated penetration testing

Its machine speed allows it to scale, while the human penetration testers ensure complete accuracy.


One of the best ways for organizations to get an idea of their network vulnerabilities is to hire penetration testers to come in and perform real attacks against their network, only without the added malicious payloads that most attacks entail. The military does this with their so-called red team exercises, and if the penetration testers are highly skilled or even ex-hackers, they can help you to learn a lot about where your network is most vulnerable.

There are two major problems with penetration testing, and one annoyance. The first problem is that penetration testing is almost impossible to scale. Human testers can only go so quickly, and even in relatively long engagements where they might work for a week attacking a friendly network, they are only going to be able to access a small part of most enterprises. Second, because human testers can't work continuously, organizations are exposed to a lot of risk between tests. The annoyance is that they are expensive, with the best testing teams costing upwards of $100,000 per engagement.

[Image: ImmuniWeb Test Request. Credit: John Breeden II / IDG]

The platform is automated, but because humans are watching over everything, users can request specific testing parameters, like no testing on Friday, or staying away from certain systems, and the human staff will configure ImmuniWeb accordingly.

The ImmuniWeb suite aims to be a sort of penetration testing platform that anyone can use and afford. Its maker, High-Tech Bridge, does this by automating almost all of the penetration testing, while keeping a staff of experts on hand all the time to help out if the platform gets stuck or encounters something new. As the humans fix the problem, the program watches what they do and uses machine learning to reprogram itself so it won't get stuck again. Humans are also called in if ImmuniWeb encounters something that it suspects is a vulnerability but isn't completely sure about. In that case, humans must either verify the vulnerability or reject it. High-Tech Bridge guarantees that no customer will ever receive a false positive from their testing. If they do, they get their money refunded.

Pricing is reasonable compared with hiring full teams of human penetration testers. Available as an on-demand service, a monthly subscription starts at $999.

Testing ImmuniWeb

The installation process for the ImmuniWeb platform is almost non-existent. Potential customers visit the High-Tech Bridge website and answer a series of questions about their network and the types of testing they are interested in having performed. Users can then select a payment option and type out any specific requests for the test, such as not doing any testing on certain days, not testing against SQL, or whatever they need. Speaking to a live human is also an option, though we didn’t find it to be necessary during our testing.
