The simplified user interface on Red Sentry’s management console may be just two months old at this point, but there’s nothing new about the goal behind that redesign. The still young company has been trying to make the normally complex art of pen testing more accessible for channel pros since its founding early in 2020.
The modernized UI, in fact, reached users just months after the launch of a reporting wizard similarly meant to make preparing and customizing customer-ready information about vulnerabilities and remedies easier.
“We want to be able for them to use this data and be able to populate reports very quickly and simply,” said Jenny Goldschmidt, an account executive at Red Sentry, during a conversation with ChannelPro at yesterday’s SMB Forum event in Charlottesville, N.C. The vendor was given the award for Best Expo Hall Presentation for a silver-level sponsor and selected as winner of the ROI Lightning Round during that show.
The content of those reports is collected by Red Sentry’s cloud-based, heavily automated vulnerability management platform, which like other vulnerability scanning systems searches end user environments for misconfigurations, unpatched applications, and other problems that attackers could use to get inside a network. Unlike those other solutions, however, Red Sentry’s follows up on the issues it detects, like a pen tester, to see if they’re potential dangers or real ones.
“We’re actually validating that they are in fact vulnerable to the vulnerabilities found, rather than just giving a bunch of false positives,” Goldschmidt says.
By default, the system automatically tests target networks for new issues every 24 hours, moreover, rather than weekly or monthly like many vulnerability scanners or annually like many penetration testing service providers. Dark web monitoring is included in the service.
“It’s basically just continuous pen testing, continuous vulnerability management on a daily basis,” Goldschmidt says.
The solution provides actionable remediation advice as well. “It’ll give you exactly what the vulnerability is,” Goldschmidt says, “and then it’ll give you a full recommendation for patching that.”
An open API lets users export reports to a PSA solution. Built-in integrations deliver real-time notifications as well in Microsoft Teams, Slack, Jira, Trello, and other systems.
Fees for the solution, which are charged on a per client site basis, are designed to fit channel pro budgets. Packages starts at $500 a month for 10 clients and scale up from there. “The more customers they have, the lower the price per customer,” Goldschmidt notes.
Red Sentry also offers traditional, hands-on pen testing, a service few channel pros are equipped to provide. “It’s an underserved market right now,” Goldschmidt says. “They just don’t have the manpower to do it themselves.”
Or the skills in most cases, she adds. Yet demand for penetration testing is on the rise among businesses of all sizes, in part because cyber insurers are increasingly demanding that businesses go through the process. “A lot of these clients are going to their MSP asking if they offer pen testing, and that’s usually when we get calls,” Goldschmidt says.
Red Sentry typically uses its own brand when evaluating end users, something channel pros rarely object to, Goldschmidt says, because compliance frameworks like PCI-DSS and SOC 2 require pen tests to be performed by third parties.
“We are mainly channel, so they’re not going to have to worry about competing with us,” she adds, noting that partners can white label the company’s reports and portal if they wish. Results are typically available in less than a week.
Rates for the service vary based on the size and complexity of the end user’s environment, which Red Sentry assesses through a brief questionnaire. Pricing begins at $2,500 and rarely exceeds $20,000.
“They’re working with a lot of small, medium-sized businesses that can’t afford a $40,000 pen test,” says Goldschmidt of the typical Red Sentry partner, “so we price our pen test affordably enough that an MSP could go in and even still make a little bit of margin on it.” Invoices are sent to the partner rather than their customer, she notes, to give channel pros control over those profits.
Membership in Red Sentry’s partner program provides access to its security engineers as well as a library of brandable marketing materials and monthly sales trainings.
Global spending on penetration testing will climb at a 12% CAGR through 2027 to $3.1 billion, according to KBV Research.
