The Edgescan Platform eliminates the need for tool configuration, deployment, and management.
By providing vulnerability intelligence and remediation information along with human guidance and vulnerability verification, we help our customers prevent security breaches, safeguarding their data and IT assets.
Edgescan offers a continuous security testing and unified exposure management SaaS platform that manages thousands of assets for businesses large and small in a wide variety of industries across the globe.
The Edgescan Platform eliminates the need for tool configuration, deployment, and management.
By providing vulnerability intelligence and remediation information along with human guidance and vulnerability verification, we help our customers prevent security breaches, safeguarding their data and IT assets.
Edgescan offers a continuous security testing and unified exposure management SaaS platform that manages thousands of assets for businesses large and small in a wide variety of industries across the globe.
The Edgescan Platform eliminates the need for tool configuration, deployment, and management.
By providing vulnerability intelligence and remediation information along with human guidance and vulnerability verification, we help our customers prevent security breaches, safeguarding their data and IT assets.
Edgescan offers a continuous security testing and unified exposure management SaaS platform that manages thousands of assets for businesses large and small in a wide variety of industries across the globe.
David has over 12 years of experience leading cybersecurity teams and hands-on development. He started his professional journey in Anti-Money Laundering (AML) at a major European bank. David has led hundreds of security engagements and contributed to thousands more, encompassing a wide range of activities. These include red team exercises such as penetration testing, DDoS testing, and phishing, as well as blue team exercises such as architecture and hardening reviews, app-sec process design, incident triage, and forensics. He is currently dedicated to advancing the boundaries of application and API testing and has a strong desire to create security technologies that are accessible to everyone.
David Kennefick holds a BSc in Computing and an MSc in Security and Forensics, both from Technology University Dublin.
Edgescan’s License Suggestions: Getting More Bang for Your Buck
Ever feel like you’re paying too much for security testing on some applications while others might need more attention? That’s a common problem for large organizations juggling hundreds or thousands of apps. At Edgescan, we’ve created a solution that helps you right-size your security testing.
The Right Testing at the Right Time
Over the past few years, we’ve seen a shift away from traditional annual pen testing to more flexible approaches. Instead of the old “schedule it, scope it, bill it, report it” model, our customers want something more dynamic.
The challenge is clear: If you have 500 pieces of technology, maybe 100 need full pen tests because customers or regulations demand it. But what about the other 400? What’s the right level of testing?
In an ideal world, you’d pen test everything. But that’s expensive and not always the best use of resources.
How License Suggestions Work
Our license suggestions function helps solve this problem. Here’s how it works:
We start a piece of technology with an Essentials level license (our lowest tier)
We run assessments to see what’s actually there
Based on what we find, we recommend the appropriate level of testing
For example, imagine a non-critical web application where you’re only doing unauthenticated testing. During scanning, we discover it has authenticated portions. We might suggest upgrading to authenticated testing for better coverage.
Two months later, after authenticated testing, we might find complex workflows and controls that scanner can’t adequately test. That’s when we might recommend upgrading to a pen test.
The process works in reverse too. We can suggest downgrading applications that no longer need intensive testing, helping you level off spending instead of watching it constantly increase.
By the Numbers
We’ve made this work at scale. As part of our right-sizing efforts:
We’ve reviewed 8,124 applications to ensure the license was the correct fit
Found sub-optimal licensing and recommended upgrades or downgrades on 1,846
Our customers have actioned 1,555 changes to licenses to get them at a more appropriate level
One large customer alone has upgraded around 600 assets and downgraded about 400 others over two years.
Three Key Benefits
1. Flexibility and value: You get better bang for your buck. If you spend $100k with us, you’ll get the right testing for each asset, maximizing your security budget while making spending more predictable.
2. Mature security program: With a track record of upgrades and downgrades, you can show a dynamic, requirements-based vulnerability management program rather than following rigid checklists.
3. Better metadata: Edgescan has 19 metadata fields for each asset. We populate six based on technical context, but you provide the other 12 about business impact, compliance requirements, and risk factors. This forces a healthy maturity in your asset management program.
Works at Scale
This approach especially benefits organizations with hundreds or thousands of applications. Your assets go into the system and come out with appropriate testing levels based on their actual risk profile and technical needs.
Think of it as a funnel system that ensures each piece of technology gets exactly what it needs—no more, no less.
The metadata fields that drive our recommendations include things like PCI status, direct internet access, business criticality, information classification, and availability requirements.
By using these factors to determine the right level of testing, we help ensure your security budget goes where it matters most.
More detailed information about asset metadata attributes are available in our public-facing knowledgebase here.
Schedule a demo to see how Edgescan’s license suggestions can optimize your security budget while ensuring appropriate coverage for all your applications.
Most organisations have the policies, the frameworks and the remediation requirements documented. The hard part has always been knowing whether any of it is true in practice. …