Automated Penetration Tests

Enginsight offers a comprehensive set of features for analyzing and securing your system landscape. This includes the possibility to set up automated pentests and to repeat them according to defined templates.

You will receive comparable audit reports.

May we introduce:

Our Hacktor is your personal pentester that can pentest all accessible assets within a network segment. It is up to you where you place a Hacktor and how many you want to operate. The Hacktor can be installed on popular Linux distributions or purchased directly from us as a preconfigured appliance. With your Enginsight account you can install as many hacktors as you like without any additional costs.

Asset Discovery

Our Asset Discovery automatically finds for you all components located in a network segment (e.g. server network or printer network) (servers, laptops, switches, printers, IoT devices, etc.).

The data from the asset discovery can then be used automatically as the basis for our pentest. A manual entry of IP addresses is of course still possible.

Furthermore, URLs to web applications can also be used for a pentest.

AUDIT REPORTS

For each pentest you will receive a meaningful audit report. You can see immediately where action is needed.

By using templates, you can execute pentests once they have been defined again and again to verify the measures taken.

An AI-supported procedure also detects whether personal data leaves the host unencrypted.

Easy to set up

A penetration test is configured within a few minutes. Once pentests have been set up, they can be repeated at any time and are therefore reproducible and, above all, comparable on the basis of the audit reports.

No additional costs

Our Hacktor as well as the Asset Discovery can already be used in full from the Basic Package. In addition, you will receive any number of health checks and SNMP, PING or PORT monitoring.

Everything from a single vendor

With your Enginsight account you can not only perform automated pentests, you get access to the complete Enginsight Suite, incl. IT-Monitoring, CVE-Scanner, Deep Packet Inspection, Eventlogging, etc.

What happens during an Enginsight

Each target is subjected to a defined set of tests. Currently the pentest consists of 5 parts: Intelligence Gathering, Spoofing, Bruteforce, Discovery and DDoS.

Intelligence Gathering

Intelligence gathering refers to the gathering of information before an attack. As much information as possible is collected here, which may be of interest for the further pentest. This applies, for example, to the operating system, ports, services, applications, etc.

Spoofing

Spoofing refers to attacks on IT systems in which the attacker masquerades as someone else or makes his identity unrecognisable. This type of attack is usually used to drain information unnoticed. At this point, we are reviewing in particular:

Bruteforce

Bruteforce is a problem solving method based on trying out all possible cases. In the field of IT security, this often refers to an attack in which an attacker gains access to a system by systematically trying out authentication data.

Discovery

Our web-based discovery searches for suspect accessible files such as server configuration elements, index files, HTTP server options, etc. and attempts to identify installed web servers and software.

DDoS

A Distributed Denial of Service (DDoS) attack attempts to overload a server by sending a large number of requests that require resource-intensive processing.

Enginsight is a Telekom Techboost Company