The release of FedRAMP’s Revision 5 has raised many questions, including those regarding the addition of a red team exercise requirement for those seeking FedRAMP authorization. As the #1 provider of FedRAMP assessments on the Marketplace who have extensive experience in offensive security, we have insight to offer.

For as long as the concept of cybersecurity has been around, much of the focus has centered on sophisticated technical controls—firewalls, password strength, network segmentation, endpoint protection, encryption, etc. And while implementation and regular testing of all these measures does better safeguard your organization, you also need to secure your people. In that, a social engineering campaign can help immensely.

Did you recently implement a new artificial intelligence (AI) feature within your application and now your customers are starting to ask for AI-specific penetration tests? Are you curious as to how an assessment like that would work? As with all these exercises, it starts with scoping.

Penetration testing is of course a major component of any security strategy. If you're preparing for your first penetration test, it's essential to ensure you're well-prepared to maximize the value of this assessment. This article outlines five key steps to help you get ready for a successful penetration test.

Though society has, these days, moved firmly into the digital age where emails, texts, and the online world dominate both communication and cyber-attack vectors, it might not occur to people—or organizations—that some scams are still perpetuated over the phone in what’s called a vishing attack.

In our experience as cybersecurity experts and highly qualified penetration testers, there are typically three reasons why you may move forward with a penetration test and start looking around for a provider. Making that initial decision to move forward with an assessment like this is a big step, but what should you do after you make it?

Picture this: you've signed up for a social engineering attack as part of your organization's penetration test, specifically an email-based phishing campaign. The penetration testing firm is asking you to allow list their campaign through your mail filters and other technical controls. You have all those advanced protections in place - spam filters, web proxies, next-generation phishing protections - designed to protect your end users from phishing attacks. Yet, when it comes to assessing the very risk these controls are meant to mitigate, should you lower them for the tester specifically for the purpose of the test?