NetSPI enhances social engineering penetration testing solutions

Oct. 19, 2023
The phishing tests follow NetSPI’s platform driven, human delivered methodology, leveraging a combination of technology and manual testing to customize engagements and more accurately simulate adversaries based on business context.

Minneapolis, MN – October 19, 2023 – NetSPI, the global leader in offensive security, today announced enhancements to its social engineering penetration testing solutions to help organizations build resilience to modern-day phishing attacks. The updates bring a customized, contextual approach to social engineering testing and go beyond basic phishing campaigns to simulate advanced techniques such as device code and OAuth application phishing and capturing multi-factor authentication tokens.

NetSPI has identified opportunities to update its processes and tooling to create efficiencies, cost savings, and scalability. The phishing tests follow NetSPI’s platform driven, human delivered methodology, leveraging a combination of technology and manual testing to customize engagements and more accurately simulate adversaries based on business context. All tests are managed and delivered in NetSPI’s Pentesting as a Service (PTaaS) platform, to provide a streamlined program management experience.

Social engineering remains one of the top ways adversaries gain access to environments and sensitive information. Phishing attempts are becoming more sophisticated and less recognizable. The use of emerging technologies such as artificial intelligence (AI) has redefined and reimagined traditional phishing attacks, creating widespread impact.

“Phishing remains a persistent threat to any organization. It is imperative for organizations to continuously evaluate their resiliency to phishing as adversaries continue to evolve and develop new, advanced techniques,” says Patrick Sayler, Director of Social Engineering at NetSPI. “To better reflect the challenges our clients are facing today, we’ve updated our social engineering testing capabilities to deploy modern, advanced techniques that more accurately evaluate an organization's defense against these attacks at a larger scale.”

In tandem with the increased risk and sophistication, this news comes during Cybersecurity Awareness Month, which is led by the National Cybersecurity Alliance and the Cybersecurity and Infrastructure Agency (CISA). NetSPI has signed on to be a Champion of the initiative which brings organizations together to promote cybersecurity awareness and best practices for data protection.

This year, the organizations are bringing awareness to four critical steps to stay safe online, one of which is to “recognize and report phishing.” NetSPI’s enhancements align with their mission and aim to not only help organizations evaluate their security awareness programs and policies, but also demonstrate the potential impact of a successful phish and provide clear, actionable recommendations for program improvement.

To learn more about NetSPI’s social engineering penetration testing solutions, visit: https://www.netspi.com/security-testing/social-engineering.Â