Sprocket Security

Pros: - Continuous pen testing is the way to go and pretty much similar in price to point-in-time testing
- High quality talent
- on-demand testing is great when testing new controls and new security tools.
- Portal to track testing / re-testing, findings and request manual testing.
- Detailed attack narratives are great and don't see that provided with a lot of other providers.

Cons: No Single Sign-on integration yet to the portal
Attack surface module could be further enhanced but they may not want to compete in that category.

Overall: Highly recommend and by far superior experience compared to other pen testing providers. The combination of excellent technical skillset of resources who are passionate about cybersecurity, continuous aspect of the service and customer support/service makes us a happy customer.

Pros: Sprocket Security brings a high level of cybersecurity expertise to the table. Their detailed approach to penetration testing ensures no vulnerabilities are overlooked. They offer a comprehensive dashboard of any findings and steps for remediation.

Cons: Initial testing happens within a 90-day window. Would be nice to start seeing results of the test prior to completion.

Overall: Sprocket Security is helping us discover and address any critical vulnerabilities in our network and overall cybersecurity posture through comprehensive penetration testing.

Pros: The staff are friendly and knowledgeable; they conduct thorough penetration testing and post their findings to a modern, dynamic portal/dashboard. If a particular finding is difficult to remediate, they are willing to jump in and assist. The details of the findings are impressive with real proof that a system has been exploited. They conduct human-driven testing, instead of the common "pentest" which only lists known CVEs discovered by an automated scanner.

Cons: It's not a direct reflection of Sprocket, but our third party MDR vendor seemed quite confused by the concept of "continuous" penetration testing.

Overall: Far and above a better pentest engagement experience than I've encountered with other IT security firms. The staff stays up to date with modern penetration testing techniques, they are knowledgeable and quick to respond to questions. They're also willing to assist with remediating their findings, which is a huge bonus for companies without the time or resources to dedicate to some of the more intricate/complex vulnerabilities.

Pros: They are hands on and want to make sure your environment is secure. They are local to us as well and knowing that you can trust a company in town that will help you in an event is a good thing to have on hand.

Cons: The dashboard doesn't get populated for the first 90 days but there is a lot of testing to do so I completely understand!

Overall: I've been pretty happy with Sprocket and is a great team to work with. Highly recommend the company!

Pros: - Easy
- Support
- Guidance on how to fix findings
- Results
- Reporting/Portal
- Expertise
- Functionality of the portal

Cons: - Many marketing emails - I'm already a customer
- I really can' t think of anything else.

Overall: I was looking for a penetration testing firm to test our security. I found Sprocket at a conference and I met people who were PASSIONATE about their job. Which, made me want to have a intro meeting, then lead to us being a customer. Super happy with Sprocket as our security partner.

Pros: The whole team is great to work with. From the first sales call, to scoping, procurement, implementation, and now in operation. Our technical account manager is super responsive and ensures our needs are prioritized. The testers provide great write-ups to their findings and are quick to hop on a call if clarity is needed. The product team is eager to hear how to improve the user experience of their platform. Over a year into our relationship and by far my best vendor to work with.

Cons: The only issue I could state, and it is a very small one, is just the reality of being a young company. Not every single feature is buttoned down. But nothing so consequential that it causes an actual pain point.

Overall: If you are looking for a real, continuous assessment of your network edge and/or apps and services then look no further. Sprocket does fantastic work. And if you sell software, it is a sales feature to say you aren't doing the old once-a-year, point-in-time pentest that everyone else does. If you product(s) release once a year, then ignore me. But, if you are an agile shop you need to be doing continuous pentesting and Sprocket let's you do that without investing in 26 pentests a year per product.

Pros: Sprocket provides comprehensive penetration testing services ranging from end user testing with vishing and phishing, internal servers and networks, and externally accessible web applications. During the several years that we have leveraged Sprocket, and the year that I have been working with them, they consistently manage to find attack surfaces and potential vulnerabilities that were often beyond the scope of what I would think is possible. The detailed reporting, the personal touch and explanations that come with the attack narratives are second to none and it all comes with a platform that is easy to navigate and provides a wealth of information that is useful to the engineer and the executive.

Cons: As Sprocket is a younger company there are some integrations with existing security tools that are likely missing. However, there is an excellent integration with Jira that we have had a great experience with. Outside of this the cons are few other than the additional remediation work they cause from their findings.

Overall: My experience with Sprocket has been overwhelmingly positive. The breadth and depth of the services they offer are phenomenal. Sprocket has proven over the years to be a valuable partner in strengthen our organization's security posture through highlighting the success of our security program and finding areas where it can be improved. Their ability to uncover attack surfaces and vulnerabilities and to communicate those findings in a personable way speaks volumes not only to the technical proficiency of Sprocket, but also the communication skills of their team.

Pros: IT Security is constantly evolving and requires that we are always one step ahead of the attackers. With a limited IT team having the knowledge and experience in house is not always an option but Sprocket Security can be an extension of our team and give us the capability to stay on top of the latest vulnerabilities and attack vectors.

Cons: Response times from testers can be a bit slow sometimes.

Overall: • The continuous testing is what stood out during our initial research. Our research found many other companies offered a single pen test which would give us a snapshot of our IT security at that particular time but not what it looks like weeks or months down the road. The continuous testing allowed us to always have an updated picture of our IT environment and not have to wait for the next annual pen test.

The onboarding process was smooth and required basic information such as domains and IP addresses to get started. We received access to the Portal to review the attack narrative and see findings as they were discovered. The testing team was responsive during the initial test and would answer questions or provide resources about what they were finding.