Frequently Asked Questions
General
What is Active Focus, and how does it benefit my organization?
Active Focus is our integrated solution that combines Attack Surface Management (ASM) with continuous penetration testing. It provides comprehensive, real-time monitoring of your security landscape, identifying and addressing vulnerabilities before they can be exploited. Unlike traditional solutions, Active Focus offers continuous updates and proactive threat management, enhancing your overall security posture.
How does Continuous Penetration Testing work?
Active Focus uses a combination of technological tools and expert assessments to continuously map and monitor your entire attack surface. This involves regular scans, vulnerability assessments, and penetration tests, as well as automated updates on new threats and vulnerabilities, ensuring that your security measures are always aligned with the latest threat landscape.
Why does Continuous Penetration Testing make my organization significantly safer?
Continuous Penetration Testing provides ongoing, real-time insights into your organization’s security posture, helping to identify vulnerabilities as they arise. This proactive approach allows for quicker remediation, reducing the risk of breaches compared to traditional, periodic testing. By continuously monitoring and assessing your environment, you can stay ahead of threats and maintain stronger security over time.
Who are our customers?
Our customers range from mid-sized businesses to large enterprises across various industries, including finance, energy, and technology. They rely on our expertise in cybersecurity and our continuous, proactive approach to security management to protect their critical assets. Link to public testimonials:
What is the difference between Continuous Penetration Testing and traditional periodic penetration testing?
Active Focus combines ASM (Attack Surface Management) with continuous penetration testing to provide a comprehensive and proactive security strategy. Unlike traditional penetration testing, which is point-in-time and conducted periodically, Active Focus offers continuous monitoring and testing, identifying and addressing vulnerabilities in real-time, ensuring more dynamic and up-to-date security protection.
Will I get a portal/dashboard
Yes, with Active Focus, you will have access to a secure portal where you can monitor real-time data, view detailed reports, and track the progress of vulnerability assessments and remediation efforts. The dashboard provides clear insights into your security posture and actionable recommendations.
What happens if Active Focus identifies a critical vulnerability?
If Active Focus identifies a critical vulnerability, you will be immediately notified with a detailed report outlining the vulnerability, its potential impact, and recommended remediation steps. Our team is available to provide additional support and guidance to ensure the issue is resolved promptly and effectively.
How can Continuous Penetration Testing make us DORA, NIS2, etc. compliant?
Active Focus provides a comprehensive overview of your security posture and helps identify and address gaps that may affect compliance with regulations such as DORA, NIS2, and ISO 27001. Continuous monitoring and regular reports ensure that you can maintain and document the necessary security standards over time.
What Peneteration Testing Methodology do you use?
Many of the penetration testing methodologies out there are lacking greatly in flexibility. This is why River Security has developed our own methodology which you can read about here: https://riversecurity.eu/penetration-testing-methodology/
Costs and budget
What does it cost?
Pricing for Active Focus is based on the size and complexity of your organization’s infrastructure. We offer flexible pricing models that scale according to your needs, ensuring that you receive maximum value for your investment. Contact us for a tailored quote.
Can any existing services or products be discontinued to save costs when investing in Active Focus?
Yes, investing in Active Focus may allow you to discontinue or reduce the use of certain existing services or products, potentially saving costs. For example, you may consider reducing reliance on standalone vulnerability scanning tools, single-use penetration testing services, or manual monitoring solutions. We can provide recommendations on which services might be redundant or less critical once Active Focus is in place.
Will there be any additional costs associated with implementing Active Focus?
There are no costs associated with implementing Active Focus beyond the agreed-upon service fees. Any additional costs would be related to specific customizations or integrations required for your environment. We will provide a clear breakdown of costs upfront, so you know what to expect.
How will Active Focus impact my overall security budget?
Implementing Active Focus may involve an initial investment, but it often leads to cost savings over time by consolidating multiple services and reducing the need for sporadic or redundant security measures. By streamlining your security approach and potentially phasing out less efficient tools, Active Focus can offer better value and improved protection for your security budget.
Onboarding and Customer Involvement
How much time will my team need to invest during the Active Focus onboarding process?
During the Active Focus onboarding process, your team will need to invest some time in providing necessary information and access to relevant systems. This typically involves a few meetings and coordination efforts. On average, your team's time commitment is about 4-6 hours over the course of the onboarding period. We work to minimize the impact on your team's daily operations.
What level of ongoing involvement is required from my team once Active Focus is implemented?
Once Active Focus is implemented, ongoing involvement from your team is minimal. You will receive regular updates and reports, and we may occasionally need to schedule brief meetings to discuss findings or adjustments. Our goal is to keep your team informed without requiring significant ongoing effort. Optional monthly serviced meetings are included.
Do you offer trial periods?
Yes, we offer trial periods to allow you to evaluate the effectiveness of Active Focus within your environment. This trial includes access to all key features and continuous monitoring and penetration testing capabilities.
Are you hackers?
Yes, but not in a malicious sense. River Security employs ethical cybersecurity professionals who use legal and authorized methods to test and strengthen your security. Our goal is to identify vulnerabilities and help you protect your organization from actual cybercriminals.
