Multi-Dimensional Risk Management: RedSpy Takes PenTesting From Cool To Super Cool With The SIG

Multi-Dimensional Risk Management: RedSpy Takes PenTesting From Cool To Super Cool With The SIG

About RedSpy

RedSpy365 is a penetration testing and threat modeling platform that combines hundreds of security tools including the 2024 Shared Assessments Standardized Information Gathering Questionnaire (SIG) to measure and manage risk.

Darren Manners, a former Royal Navy Chief Petty officer with top-level security certifications, founded RedSpy365 about 10 years ago based on his experiences as a penetration tester. While working extensively in offensive and defensive security, Manners noticed that he could complete penetration testing on a company one week, and the next week, see the same company be brought to its knees by a cyber-attack or hack.

Security posture changes daily (if not hourly); Manners wanted to elevate penetration testing by turning a point-in-time snapshot into a real-time picture. RedSpy365’s real-time pentesting as a service (PTAAS) platform offers users threat intelligence through a user-friendly dashboard featuring performance metrics, actionable items, and heatmapping.

Leveraging The SIG

“As you move from being a photographer to a movie director, you start to add more content into your art. In a movie, you can start to understand the storyline a little bit better. I found I could take threat, credential, and business intelligence as well as third party risk and start to understand the control objects for any business,” Manners articulates.

Manners first encountered Shared Assessments when he was sent a SIG assessment request from a partner. Within the SIG, Manners observed replete critical security controls and rich regulatory content. He quickly realized he could use the SIG’s expansive security controls to strengthen RedSpy365’s mapping and visualization to help organizations understand where their controls are failing.

“As pen testers, we do not have institutional understanding of the assets we test. I don’t know where that server or asset sits and how it impacts the business. With an understanding of business impact analysis, you can better understand how risk effects an asset,” describes Manners.

Today, on the RedSpy365 platform, the SIG offers a fundamental understanding of control objects. SIG questions are tied to significant events detected via penetration testing and threat detection technology. RedSpy365 leverages the SIG to allow users to quickly ascertain management responses to questions and expectations around security events automatically in real-time.

Manners shares that “We rely upon Shared Assessments to maintain the mapping of multiple compliance and its ever-changing controls so we can concentrate on testing those controls in place.”

Mapping & Understanding Root Cause

Within the RedSpy365 platform, users are met by an approachable dashboard and dazzled by real-time visualizations giving shape to a multi-dimensional picture of resilience, economic loss, critical continuity, compliance, and ROI. RedSpy365 is a superb display of business intelligence coupled with cybersecurity.

Distinguished by real time threat intelligence mapping capabilities, RedSpy365 users can see an entire pathway of what a particular risk affects and its root cause. The SIG is used to map out likely attack path scenarios. Users map risk to business processes and understand the root cause control object that failed.  RedSpy365 users not only understand their risk thoroughly, but they are also able to prioritize and understand exactly how risk impacts their business.

See a risk. Understand how it occurred. Identify the control object that failed to allow that risk to occur. You must look at the control object – that is where the SIG comes into play!” explains Manners.

Redspy & AI Capabilities

Users of the RedSpy365 platform receive the benefit of open AI service. RedSpy365 uses Azure’s ChatGPT to facilitate uploads of SIG PDFs to their tenant – every client has a secure container index and storage account.

The super cool way to work with SIGs in RedSpy365 is to upload the SIG via our open AI service. When you ask a question and already have compliance documents uploaded, you will get an informed response using the Cognitive Search service in Azure. Because the SIG is previously indexed, you get responses straightaway” notes Manners.

Penetration testing and improved cybersecurity are cool. Risk management understanding provided by the SIG is very cool. Add in au-courant AI capabilities and you have RedSpy365’s super cool multi-dimensional, moving picture.


Connect with RedSpy365 and Darren Manners here to request a demo. Put on your 3D risk management glasses and enjoy the view!