The 2023 GigaOm PTaaS Radar Report: BreachLock Named Market Leader and Fast Mover

In the realm of cyber security, penetration testing has been a fundamental practice for revealing system vulnerabilities and enhancing security measures for organizations of all sizes and industries. While traditional methods like legacy pen testing have limitations due to dependency on human experts and delayed comprehensive reporting, the emergence of Penetration Testing as a Service (PTaaS) has revolutionized this landscape with the addition of modern capabilities and functionalities that positively impact the flexibility, scalability, speed, and efficacy of pentesting. However, it should be noted that human-delivered pentesting is still of importance and is often used to augment or substantiate vulnerability findings.

This week, GigaOm released its expert analysis of the vendors in the PTaaS market in the 2023 GigaOm PTaaS Radar Report. This report highlights key vendors and the beneficial impact of their capabilities to equip technology and security leaders with the technical knowledge they need to choose a PTaaS provider to align with business requirements and use cases.

GigaOm is a leading platform that democratizes access to strategic, engineering-led technology research while evaluating providers and their products to enable strategic IT decision-makers to explore, scope, and grasp the critical and complex technical challenges and decisions facing them every day. GigaOm’s expert evaluation recognizes BreachLock as a PTaaS Market Leader and Fast Mover, in which BreachLock scored Exceptional for outstanding focus and execution across most of the key criteria outlined in the report.

Commenting on BreachLock’s capabilities, report author, Chris Ray, wrote “BreachLock is committed to revolutionizing pen testing by ushering it into the “as-a-service” era. By thoughtfully integrating AI technologies, it enhances the speed and quality of its services, offering its clients a seamless experience.”

Key Criteria in the GigaOm PTaaS Radar Report – Where BreachLock Shines

For this 2023 PTaaS Radar Report, GigaOm evaluated each PTaaS vendor based on three categories:

  1. Market Segment (SMB and Large Enterprise) and Deployment Type (SaaS and Hybrid)
  2. Key Criteria Comparison across seven criteria summarizing the features and benefits of each vendor’s solution and how they differentiate evaluation metrics (Flexibility, Scalability, Speed, and Risk Reduction)
  3. Emerging Technology (Integration with ASM and Private PTaaS Platform)

Market Segment and Deployment Type Evaluation

GigaOm analyzed how well-positioned each PTaaS vendor is to serve both small-to-medium businesses (SMBs) and large enterprises. BreachLock was on par with other leading vendors where most scored Capable (good with improvement) and a majority limited or lacking in their ability to serve SMBs. However, BreachLock was one of only three vendors who scored consistently across all four criteria – Market Segment: SMB and Large Enterprises as well as Deployment model: SaaS and Hybrid – indicating that BreachLock maintains a consistent focus and execution in serving customers with ease of use and deployment for SMBs and addressing business-critical projects by offering optimal solutions for large enterprises, including flexibility, versatility, and scalability to improve security and data protection.

BreachLock also was one of the few vendors to offer both SaaS and hybrid deployment models. BreachLock’s automated pentesting SaaS model is designed to be deployed and managed by BreachLock and is a unique selling point. In comparison to 2022, BreachLock has seen a 30% increase in the number of automation-enabled pen testing findings – a direct reflection of the implementation of innovative technologies. Using automation, pentesting is significantly accelerated, with results seen almost immediately in real-time inside the client’s dashboard. Online vulnerability reports provide real-time alerts of findings using a Slack channel (included with no code integration). Customers who do not have Slack integration can still benefit from real-time alerts where out-of-the-box JIRA server, JIRA Cloud, Jenkins, Trello, Slack, SSO via Okta, and other integrations are available. BreachLock also has an open REST API that their clients can use to inject results into their workflows. This is a low-code customizable option available to all BreachLock clients, providing them with complete flexibility. The most important element, however, is that BreachLock is the only PTaaS provider in the market to offer AI-enabled automation that can identify attack patterns and anomalies that would be impossible to find through human pentesting. This allows faster prioritization and remediation of evidence-backed vulnerabilities.

The BreachLock Hybrid model is deployed as a service starting from the approval of the scope of work (SoW). In both on-premises and private cloud environments, it is entirely self-serve with no interference by BreachLock. Upon receiving an e-signature from the client committing to the SoW, clients can automatically log into their accounts, add users, and manage their subscriptions and assets. Integrations can be configured within the platform, including scans, pentests, and retests, all scheduled at the time and day that works best for the client. Scans can be configured or disabled, and live scans can be run within the platform with the ability to see progress and the status of the scan in real-time. Unlimited retests can be run with one click with the number of days remaining to run retests, all highlighted in an easy-to-use, friendly UI. Customers continuously have an overview of their pentesting environment, pentesting requests, those in progress or QA, and pentests completed – all in one overview pane. Integrated ticket creation for remediation action is available, along with reports and compliance certificates downloadable within the platform at any time.

Key Criteria Evaluation – Where BreachLock Excels

BreachLock received primarily exceptional and good scores across almost all of the key criteria comparison evaluated in the 2023 GigaOm PTaaS Radar report, including the following:

Built-In Vulnerability Scanners

Built-in vulnerability scanners within Penetration Testing as a Service (PTaaS) solutions offer a host of advantages for modern security strategies. This consolidation optimizes resource allocation, providing a streamlined and cost-efficient security framework for businesses that delivers comprehensive cost savings by combining various capabilities into a unified platform. Built-in vulnerability scanners enhance operational efficiency, ensure comprehensive vulnerability identification, and reduce the chances of oversight due to overlooked information. BreachLock incorporates automated scanners into its PTaaS methodology, significantly increasing the flexibility and efficacy of penetration testing and accelerating vulnerability identification to reduce risk.

Integration with SDLC Technologies

The evolving software landscape necessitates close ties between security solutions and Software Development Lifecycle (SDLC) technologies. The rising popularity of Penetration Testing as a Service (PTaaS) integrated within SDLC frameworks accelerates the discovery, assessment, and prioritization of vulnerabilities for remediation, starting in design through deployment and maintenance. This collaboration dismantles traditional silos between security and development, fostering a seamless approach. Real-time sharing ensures faster remediation and is further streamlined by direct integration with issue-tracking systems.

Retesting of Findings

The ultimate goal for security teams goes beyond mere remediation – it’s validation. PTaaS introduces a crucial feature not formally included in traditional penetration testing practices – retesting of findings to validate previously identified vulnerabilities. Retesting these vulnerabilities ensures that the security controls put in place will indeed defend against potential threats. The BreachLock PTaaS solution scored exceptional in this area, enabling clients to verify the efficacy of these controls.

Enhanced Communications

Communication challenges within penetration testing were prevalent before the arrival of PTaaS, with barriers to communication between organizations and the pentesters involved in pentesting exercises. PTaaS solutions like BreachLock have revolutionized the sharing of information and improved communication by introducing direct messaging capabilities, establishing clear communication channels between clients and key stakeholders, including program managers, pen testers, and senior technology and security leaders. This enhancement expedites information exchanges, fostering a collaborative approach and reducing the inefficiencies of past communication methods. BreachLock’s built-in communication functionalities connect customers with pentesters directly to allow customers to ask questions and get support, which helps accelerate remediation and decision-making.

Automated Workflows

Multiple security tools have long employed automation to streamline tasks, refine processes, and reduce response times. However, its integration into penetration testing presents significant benefits. Traditionally, manually reading through penetration test results was laborious and susceptible to human error, but with PTaaS solutions like BreachLock, automation reshapes how organizations consume and remediate results. Low-code or no-code functionalities ensure that results are easily understood and interpreted based on risk categorization and integrated into workflows. With PTaaS solutions like BreachLock, security teams can shift their focus to addressing vulnerabilities and reinforcing security measures rather than manually reading through and interpreting pentesting results delivered in a PDF report.

Streamlined Procurement

The evolution of penetration testing through PTaaS solutions emphasizes a service procurement process and accessibility, significantly enhancing the overall self-serve user experience. A key advantage of BreachLock is its streamlined, automated questionnaire to assess the scope of work and the ability to take advantage of BreachLock’s as-a-service pentesting platform without any interference from the provider. BreachLock uniquely re-engineered the PTaaS procurement processes with a dual SaaS and hybrid deployment approach, offering provider-managed and self-serve models to differentiate itself from other providers in the PTaaS market.

BreachLock’s Excellence in Emerging Technologies within the PTaaS Market

As the GigaOm report highlights, the integration and adoption of emerging technologies like Attack Surface Management (ASM) and private PTaaS platforms indicates how well each vendor takes advantage of technologies that aren’t considered mainstream. Despite having less utilization in the market overall, ASM and private PTaaS platforms are expected to become more widely adopted and present compelling benefits within the next 12 to 18 months, according to GigaOm. BreachLock scored exceptional in both emerging technology categories.

BreachLock incorporates ASM capabilities into the PTaaS process to give security professionals the insights and visibility they need to fully manage the risks across their entire attack surface. BreachLock’s ASM capabilities include asset discovery, inventory and classification, risk and criticality scoring, malicious asset and incident monitoring, breached credential monitoring, and more. BreachLock customers can truly understand and visualize their full attack surface to minimize exposures and mitigate risk more effectively.

About BreachLock

BreachLock is a global leader in PTaaS and penetration testing services. BreachLock offers automated, AI-powered, and human-delivered solutions in one integrated platform based on a standardized built-in framework that enables consistent and regular benchmarks of attack tactics, techniques, and procedures (TTPs), security controls, and processes to deliver enhanced predictability, consistency, and accurate results in real-time, every time.
