Marionette is an offensive security services provider based in New Delhi, India, built around the idea of βbreaking things on purpose to find problems.β Its services cover penetration testing, red team exercises, vulnerability research, detection engineering, audit readiness, password recovery, and security training. It also offers a self-service SaaS product, Namewatch, for monitoring newly registered brand-related or impersonation domains.
In terms of protection style, Marionette focuses more on attack simulation and security validation than on traditional firewalls or endpoint protection. Its penetration testing covers Web, API, mobile, internal network, and cloud environments, with support for black-box, gray-box, and white-box testing, plus a retest window. Red team engagements are objective-driven and may include initial access, persistence, lateral movement, and evasion. Vulnerability research includes reverse engineering, fuzzing, and exploit development. Delivery is mainly project-based; training can be delivered on-site or remotely; Namewatch is offered as SaaS.
Its detection engineering service is worth noting: rather than simply applying ATT&CK templates, Marionette designs log pipelines, writes rules, and tunes alerts based on real activity generated during testing. This makes it suitable for teams that already have a SOC or logging infrastructure. For compliance, Marionette can assist with ISO 27001, SOC 2, and customer security reviews, including gap analysis, control mapping, and evidence preparation, though it does not disclose which certifications it holds itself.
No specific pricing is publicly listed. Penetration tests are described as fixed-scope engagements lasting 1β3 weeks; red team work is multi-week and objective-based; vulnerability research and detection engineering can be delivered by project or retainer; audit readiness is milestone-based; password recovery is project-based and requires ownership verification. Marionette is better suited to companies, security teams, and engineering teams with clearly defined asset scopes and the ability to digest technical reports and drive remediation.
The main advantages are its complete service chain, reports that emphasize reproduction steps and remediation paths, and end-to-end delivery by the same lead, which may make communication more direct. The downsides are that pricing, support SLAs, customer references, company size, payment methods, and Namewatch API/notification integrations are not clearly stated. Access from mainland China is unknown; for cross-border procurement, buyers should also confirm network connectivity, contract payment arrangements, data export requirements, and local compliance obligations. If local delivery is required, it may be worth comparing similar penetration testing, red team assessment, and brand impersonation monitoring services from Chinese security vendors.
β This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on marionette.in official site.
marionette.in is an India Cybersecurity provider. TG4G tracks its product information, an overall rating of 7.0/10, and a China-accessibility score of Workable. Click "Visit Official Site" to reach marionette.in directly.