
Outpost24 Offers New Pen-Test Reports, Mobile and API Packages


Exposure management vendor Outpost24 is giving organizations a platform for consolidating all of their penetration testing results.

The Philadelphia-based company this week rolled out the offering to eliminate the need for managing multiple reports from different sources, giving security teams a single place to directly view, schedule, and download reports and see insights from the certified pen testers.

At the same time, Outpost24 grew the pen-testing service with packaged pen tests for mobile and API endpoints, improving the security posture in two fast-growing areas of corporate IT environments and addressing the evolving nature of pen testing, both in technology and the complexity of cyberthreats.

“As organizations adopt more agile methodologies and cloud-native applications, the need for continuous, in-depth testing has become increasingly critical due to evolving attack surfaces, faster release cycles, and stringent compliance requirements,” Nick Griffin, Outpost24's vice president of product operations, told MSSP Alert. “The shift to cloud-native applications and mobile, and increased use of APIs, AI, and microservices, have expanded the attack surface, resulting in more code to test, distributed across multiple cloud platforms.”

In addition, a growing number of compliance frameworks, such as PCI-DSS, ISO27001, and SOC 2, mandate regular pen tests, Griffin said.

Apps and APIs Bring Challenges

The challenges are growing for organizations that manage hundreds of apps and APIs across multiple business units, he said, noting that coordinating bespoke tests across such environments can be slow and expensive. For SMBs, these challenges are compounded by their limited budgets and staffs.

The market numbers reflect the shifting nature of pen testing. The global pen-testing market was more than $2.1 billion last year and could grow to more than $9.5 billion by 2034, according to Polaris Market Research, driven by the growing number and complexity of cyberattacks, the adoption of cloud computing and digital transformation initiatives, and the more stringent frameworks.

Offering Something Different

Griffin noted that other platforms on the market also provide a single place for pen-test results. However, Outpost24’s platform differentiates itself by letting organizations communicate directly with the pen testers through it.

“This direct interaction enhances the efficiency of the remediation process,” he said. “The platform enables fix verification to be performed, eliminating the need to rely on internal teams to manually check remediation, ensuring a streamlined approach and saving time.”

The platform also offers a comprehensive view of risks, enabling organizations to better understand their risk posture.

Pen Testing for Mobile, APIs

The new packages for mobile computing and APIs come at a time when more organizations are exposing data through their mobile apps and APIs, with many companies using them as the primary way to interact outside of the organization, Griffin said. This trend touches a broad range of industries, including healthcare, banking, and retail.

“There can also be an impact on internal tools within an organization which often run or interact with untrusted networks and devices, making them attractive targets for attackers,” he said. “Many of these organizations are also employing an ‘API-first’ approach, where most modern apps are in fact API gateways, where a single vulnerable API can expose sensitive data or internal systems.”

Through the new pen-test packages, security teams can run targeted and repeatable assessments of mobile apps and APIs without adding skill sets or tools, or the overhead associated with managing in-house testing. This means they address vulnerabilities that traditional web application and network pen testing overlook, he added.

MSSPs and Pen Testing

As with most areas in the expanding and sophisticated cybersecurity field, MSSPs and MSPs are seeing their role in pen testing expand.

“MSSPs serve as both aggregators and advisors, particularly for SMBs and mid-market enterprises, which rely on them to manage their security operations,” Griffin said. “By doing so, MSSPs and MSPs help their customers coordinate pen testing, eliminating the need for customers to source, schedule, and interpret results.”

They can also integrate pen-testing results into their monitoring and remediation services, ensuring prompt action on identified vulnerabilities. In highly regulated fields, service providers often know what such obligations involve and have specialized staff to manage the frequency and documentation of required testing, he said.

MSSPs and MSPs can use Outpost24 tools to validate the security of their own infrastructure, including their apps and APIs, integrate those tools into their offering to manage and schedule reporting through the vendor’s platform, and leverage its API to show information in their dashboards.

Jeffrey Burt

Jeffrey Burt has been a journalist for almost 40 years, moving from general-circulation newspapers to IT news sites in 2000. He’s an expert analyst and writer on cybersecurity, data center infrastructure, AI, and a host of other subjects for a range of organizations, including CyberRisk Alliance, eWEEK, Techstrong Group, The Next Platform, and The Register.
