New Addition to the Family - AttackForge Core
This week we released AttackForge Core – the product that has been on my mind since the inception of AttackForge. Actually – even before that, but I will write about that separately one day.
We worked on the front lines of Information Security for many years. And we saw how hard penetration testing is from both sides of the great “supply and demand” divide. Thousands of pentests delivered, and as many received – this was the inspiration for our vision.
Until this moment we have had two products – AttackForge.com for freelancers, bug bounty hunters, small teams, and aspiring pentesters (AKA students); and AttackForge Enterprise – for large enterprises, government agencies and MSSPs. We poured everything we got into these products and both turned out to be astounding successes.
Less than two years after the launch - thousands of pentesters and engineers and big teams across huge enterprises are finding and remediating thousands of vulnerabilities on every continent (except Antarctica 😉 ) … all with the help of AttackForge!
We learned that our fellow security professionals and their colleagues in business and engineering teams do like AttackForge. But we also knew that there was a gap. Medium-sized security consultancies and enterprises with moderate volume of pentesting still missing a product that would work for them – with their own dedicated tenant (like AttackForge Enterprise) but without some of the Enterprise features. And more affordable. After all – we were there, in the same trenches.
So we went on a path to understand how the new product - that would later become AttackForge Core – should look like. Our team went to analyse the feedback we got from our existing customers, and especially from those that found AttackForge.com and AttackForge Enterprise too small and too big respectively. The idea was to make sure that AttackForge Core features would give these customers what they need, and support them with a licensing model that would fit their business.
Here is the list of key features that Consultancies wanted:
Client portal - for direct customer collaboration
Service catalogue - to speed up scoping process
Workflows to manage customers interactions
Workflows to manage penetration testing projects
Integrated custom reports in their own style - to ensure the brand recognition and readability
Centralized libraries - to speed up reporting
To enable collaboration within teams
Automations and Integrations - to do more within the time box of a pentest
And value-add features to retain existing and attract new customers
On the other hand, medium-sized Enterprises wanted a slightly different set of capabilities:
Tracking and analysing the pentesting program as a whole – to prove the value and efficiency of pentesting program
On-demand reports – tailored for all different stakeholders within the organisation (and to keep auditors happy)
Secure workspace for pentesting projects data
Standardized methodologies - for consistent testing (by internal team or by external vendors)
Consistent vulnerability language across organization – to make sure that teams understand each other
Scheduling and resource management – to save time and money
Consistent workflows for security, engineering, and business teams – internal or external – involved in pentesting activities.
That gave us the realisation – we can create a product that would work for consultancies and medium-sized enterprises!
This week we launched that product! We called it AttackForge Core – to recognise that it gives customers the core capabilities of our flagship - AttackForge Enterprise, and licensing model that supports these customers. You can find the full comparison between AttackForge Core and AttackForge Enterprise on our web site.
I am really excited to follow the journey of AttackForge Core! And the team have plenty of interesting ideas on where to take it next… I am sure I will be writing about it 😊