Find an entry point:
- Consult CVE disclosures and databases for info on specific vulnerabilities
- Scan the target’s attack surface for vulnerabilities
Continuous insights from an outside-in perspective help identify vulnerabilities and assess risks.
Automated risk detection and risk scoring for improved prioritisation actions.
Contextual asset information and proposed mitigation actions help to delegate security fixes.
Risk assessment data provides input for further vulnerability management processes.
A vulnerability is a weakness in a system that can be exploited by a threat actor. A weakness can be anything from a programming mistake, to a lack of security due to oversight or process errors.
However, a vulnerability is not necessarily a risk. In risk management, a risk = chance x impact. That means contextual data is needed to assess to what degree action should be taken.
Usually, a threat actor’s intend is to work their way up through privilege boundaries until they have administration rights and can access more valuable information. With threat actors increasingly using automated techniques to quickly determine their target’s weak spots, it’s imperative you stay in control of your attack surface and are constantly aware of the possible entry points.
Find an entry point:
Detect and assess assets related to the brand
Scan individual assets for vulnerabilities (CVE)
Look for an existing exploit or develop one for the vulnerability
Receive a risk rating for each asset
Create vulnerability-based dashboard insights
Identify the potential business impact
Exploit the vulnerability and gain access to the target’s infrastructure
Receive remediation advice and track status changes over time
Automatic notifications for new vulnerabilities
Integrate with CMDBs and vulnerability scanners
Gain control over systems, obtain confidential data, install malware / ransomware
Export vulnerability and risk information to support:
Our Attack Surface Management platform will
Assess each identified asset for the existence of vulnerabilities
Determine the risk level based on contextual information
Provide input for other vulnerability management processes