About Secfix
Secfix helps companies get ISO 27001 and TISAX compliant in weeks by automating many of the processes and paperwork. Their offering is especially useful for small and medium-sized businesses. But of course, when you sell security to others, you must make it your top priority.
Industry: Information Technology
Headquarters: Berlin, Germany
Employees: +25
The Problem
Secfix was already conducting pentests regularly. However, these are costly, which limits their frequency, which led to a problem: their product is rapidly evolving, and each code deployment could introduce new vulnerabilities to the product. Monitoring their infrastructure and testing for vulnerabilities on a 24/7 basis became a priority to keep their security posture in excellent condition.
The Solution
In the words of Grigory, Secfix’s co-founder, the setup of our Automated Pentest was extremely simple. All that was needed was to add a domain record to their DNS and select the assets to test. After set up, they began conducting black-box tests with our Automated Pentesting tool. Each asset would get tested for vulnerabilities, and when one was found, it would be added to their dashboard. Grigory mentions how user-friendly it is to use. Having one view of where risks lay gave “more transparency to the engineering team on what are the things we need to improve and in which priority”.
Having the automated pentests complemented the annual pentests they were already doing. While the automated pentests provided in-breadth, continuous testing, the pentests focused on in-depth testing.
The Outcome
Today, our Automated Pentest is fully integrated with their security workflows. The real-time security alerts, risk scoring, and the automated re-testing of patched vulnerabilities are essentials they use every day. In addition, Grigory mentions how easy to understand the reports are, which helps to explain the impact of investing in security to stakeholders.
Having the reliability of an automated pentesting tool improves our security posture and helps our engineers write better, more secure code. I really like the product and how easy it is to use it! I’d recommend it to other small startups as well. It will cover the essentials and is actually affordable.- Grigory Emelianov, Co-Founder & CTO at Secfix