Redspin Services Overview

Redspin's information security assessments have become synonymous with technical excellence, comprehensive findings, and actionable results. Our controls and penetration testing services have helped hundreds of companies reduce risk, maintain regulatory compliance, and make information security a priority in their organization.

Many security companies focus on a singular point solution based primarily on automated scanners and other tools. Redspin takes a more holistic approach, offering a broad array of testing services backed by expert security engineers that complement your internal scans, rather than replace them.

Our external penetration tests identify ways to ensure that malicious attackers cannot exploit vulnerabilities in your public-facing IP infrastructure. But we don't stop there. We also run pen tests on your internal network and mission-critical applications. In addition, we know that the importance of information security is not always understood by all employees uniformly, so we provide social engineering testing as a way to raise info sec awareness throughout your enterprise.

Redspin has developed a suite of services to address every requirement of your organization's testing program. While each program is specific to its environment, it is common for organizations to periodically perform a balance of controls and penetration testing.

What is a controls test? Sometimes called a "whitebox test" or IT security audit, we come to your location and dissect your Information Security Program, control by control, providing a comprehensive and cost-effective review of in-scope IT infrastructure, policies, and procedures. Our goal is to identify and recommend both short term technical fixes as well as systemic policy and procedural changes to prevent similar issues in the future.

What is a penetration test? There are many in the industry who define penetration testing as simply the process to validate vulnerabilities — and we do not disagree. By this definition, all of our services are a form of penetration testing. However, we've also expanded upon the definition of penetration testing. We consider it a targeted exercise with testing that mimics a malicious user and determines the possibility of executing a real-world attack on assets (including infrastructure, applications, and people). Our goal is to identify the level of risk that exists at a single moment in time.

What Redspin Offers

Policy/Controls Testing

Redspin's controls testing has been designed to provide third-party objective evaluation of your institution's internal control environment to support and strengthen your Information Security Program (ISP) and improve management's overall knowledge of risk.

Infrastructure Penetration Testing

Redspin's infrastructure security assessments utilize a risk-based approach to manually identify critical infrastructure vulnerabilities that exist on targeted external and internal systems.

Application Penetration Testing

Redspin's application security assessments will provide you with an objective review and analysis, ultimately providing the assurance that your critical applications can withstand common Internet and internal threats.

Social Engineering

Redspin's social engineering testing identifies and validates vulnerabilities associated with your employees' ability to follow documented policies and procedures and security best practices.

Enterprise Solution

Redspin understands that Fortune 1000 companies often have a larger IT infrastructure to protect and a more complex technology operating environment to work within. As such, we offer an ongoing, process-oriented program for continuous and durable improvements with fixed monthly pricing.