Continuous Penetration Testing with Lifeguard™

Lifeguard™ is the industry-first, “white glove” continuous penetration testing service that provides a continuous view of risks posed to your organization by Information Technology assets, preventing real-world attacks by identifying and communicating new vulnerabilities to relevant IT staff for remediation.

Lifeguard™ connects your IT staff directly to our professional penetration test team, enabling rapid collaboration to remediate vulnerabilities and validate the fixes. This ensures newly identified vulnerabilities are properly remediated and drastically shrinks the amount of time an attacker has to find and exploit any given vulnerability.

Lifeguard™ is highly customized to your environment and we develop a tailored approach for each customer.

For a completely hands-off approach, let us explore different areas of your network in the way a real-world attacker would. For a more targeted approach, direct us to specific areas of your network or even to specific apps and hosts.

Lifeguard™ Works

Over a period of 2 years, we compromised one client 63 times, breaching the external perimeter and pivoting to the internal network. None of these critical risk findings were identified by a vulnerability scanner, so if the organization was relying solely on automated vulnerability scanning, they would have missed these devastating exploitable vulnerabilities. These issues would have been left unaddressed, leaving them ripe for exploitation by real-world attackers.

When our customers remediate a finding, it is automatically kicked back to our professional penetration test team for validation testing. In this stage, our team reviews the finding and attempts to re-exploit the vulnerability. Shorebreak also thoroughly searches for bypasses to any applied fixes, ensuring the issue is fully and properly addressed before confirming the fix. In cases where a bypass was found or the issue is otherwise still exploitable, Shorebreak’s team re-opens the finding and provides any additional relevant remediation recommendations.

Our test team’s recommendations may include high-level recommendations such as best practice guidelines, and may even include specific technical insights such as exact function calls within code and specific changes to configuration files. Our team is dedicated to walking with our clients step by step through the remediation process, responding promptly to all questions and providing technical insights directly to the relevant personnel who need them.

As part of this process, we conduct validation testing to ensure the vulnerability has been successfully remediated. 11% of the time when a customer thinks they fixed an issue, it is still vulnerable. In this case, we reopen the finding and hold their hands to ensure it gets remediated.

Our pen test team works directly with your system/network/app administrators and developers, eliminating security staff as a chokepoint for getting vulnerabilities remediated.

Lifeguard™ is Not Automated Penetration Testing

Every security finding in Lifeguard™ is produced by an expert penetration tester, not a tool, resulting in an accurate risk rating. Gone are the days of sifting through false positive vulnerability scan results – with Lifeguard, it’s already been done for you. We don’t stop there either – we conduct an impact analysis on each of our findings, explaining and demonstrating what practical attacks the finding enables for a real-world adversary, giving you the insight you need to prioritize the most severe issues in your triage.

Within each of our findings is a narrative section explaining the finding, how it was exploited, including screenshots of the exploit sequence, and the finding’s impact. We also provide recommendations uniquely tailored to your organization’s needs to provide assistance to your IT staff with remediation.

Vulnerability remediation validation is also conducted manually, and often takes as much time as identifying the vulnerability in the first place. We pride ourselves on going the extra mile and testing for bypasses to applied fixes, because a partial patch can be just as good as no patch and we need to get it right.

Lifeguard™ Empowers Your Staff

Our customers’ Information Security staff love Lifeguard™ because they no longer have to configure, run, and analyze scanners, then look up assets in the inventory system and communicate vulnerabilities to IT staff. When Lifeguard™ is set up, IT assets are linked to relevant IT staff and security findings are communicated to them directly, so the InfoSec team is no longer a chokepoint. It’s also not the security team pointing the finger, it’s an outside pen test team, which helps keep the peace in the organization.

Our customers’ Information Technologists love Lifeguard™ because we hold their hands through the vulnerability remediation process, ensuring they have correctly fixed the security issue. We don’t care how many times we have to go back and re-open a finding or how much we have to explain how to fix a problem. We are there to ensure our clients are successful, and we stick around until the job is done!

Lifeguard™ Features

  • Secure, interactive web portal that acts as a vulnerability management and ticketing system all in one – no user limit
  • Continuous Attack Surface Management via host discovery and port scanning – our CEO Mark Wolfgang developed cutting-edge host discovery techniques way back in 2002 that have since been incorporated into nmap, but we still have our own techniques
  • Daily Vulnerability Scanning that feeds pen tester workflow
  • Daily manual penetration testing by expert pen testers
  • Daily manual vulnerability remediation validation testing by expert pen testers
  • Bleeding-edge CVE testing – we catalog software versions on a daily basis and cross-reference them with the latest CVEs in order to test client systems sometimes up to a week before vulnerability scanner plugins are published
  • On-demand report generation – filter by department or team

Lifeguard™ Pricing

Pricing is dependent on the size of your network perimeter and the complexity of your organization. Please email us for a free consultation.

Lifeguard™ Free Trial

Give us 45 days to prove our value and we’ll show you what Lifeguard is all about. We’re offering free 45-day trials of Lifeguard to qualified customers. Contact us via email or book a meeting with Mark Wolfgang for more information.