Attack Surface Management
Attack Surface Management (ASM) is a cybersecurity practice focused on the continuous discovery, analysis, prioritization, remediation, and monitoring of vulnerabilities and potential attack vectors within an organization’s IT infrastructure.
Threat Intelligence
Overview
This advanced module operates as a virtual threat analyst, continuously gathering, analyzing, and enriching threat data from various sources to provide actionable insights and proactive threat mitigation strategies. It empowers organizations to stay ahead of evolving cyber threats and make informed decisions to safeguard their critical assets.
Key Features:
-
Threat Intelligence Dashboard: The Threat Intelligence Dashboard is a comprehensive tool that offers a visual representation of cyber threats and vulnerabilities. It includes features such as Social Network visualization, Trending, tracks mention of an organization over time and references to top industries in cyber threat reports, providing insights into potential targets. The Scanning feature provides insights into threat actors’ probing activities, while Top Scan Results highlight significant findings from these scans.
-
Social Footprint: Social Footprint measures, manages, and reports an organization’s social sustainability performance. It helps organizations understand their social risks and impacts and communicate their social sustainability efforts effectively.
-
Scan: The Scan feature automates the process of examining a system or network for any behavior or information that might signify a threat or vulnerability.
-
Domain Scan: The Domain Scan tool automates the process of investigating a specific domain for potential threats or vulnerabilities.
-
Feed: The Feed feature in a threat intelligence news feed is a real-time, continuous data stream that gathers information related to cyber risks or threats.
User Manual:
Threat Intelligence Dashboard
Click the “Threat Intelligence Module” to navigate to the TI Dashboard
Threat Intelligence Side Navigation Menu
Social Footprint
Scan
Click Scan to set a Schedule for Scan. Add the details of the target to scan, then click submit. After scanning, view the Scan History to see previous scanned targets. Select any title in the table to view the data. Summary of the data after scanning will be displayed.
Scan
Schedule for Scan
Scan board
Scan history
Summary of Data
Domain Scan
Click Domain Scan, then click the New Scan Button. Input the Name of the target and the target domain, then click Scan Now. After the scan, click the scanned target to view the data. Data shown are the result of a scanned domain. Click on one of the correlations to view the vulnerabilities of the hosts.
Target view data
Scanned domain
Host Vulnerabilities view
Feed
Click the Feed, select a cyber news site, and click View More to view the list of news on that site. Select any news to read.
Feel free to adjust the template further as needed!
View more
List of News in Bleeping Computer site.
Select any News
If you need further assistance, kindly contact our support at info@cytechint.com for prompt assistance and guidance.
Vulnerability Assessment and Management
Overview
Welcome to the Vulnerability Assessment and Management module. In this section, you'll be guided through the process of using our vulnerability assessment and management tool. You'll learn how to:
- Access the module interface.
- Create and configure a VAM scan.
- Navigate the dashboard and understand its components.
Vulnerability assessment and management is a process for identifying, evaluating, and addressing security weaknesses in an organization’s systems and networks. It involves scanning for vulnerabilities, assessing their impact, and prioritizing them by severity. This includes using tools and techniques to find vulnerabilities, analyzing the results, and generating reports for remediation. Management then involves applying patches, adjusting security settings, and monitoring for new threats. The goal is to enhance security, reduce risk, and protect against potential exploitation.
Navigate to the module:
- Click on the menu icon to show all the different modules
- Under the Attack Surface Management module, click on Vulnerability Assessment and Management (VAM)
How to Create a Scan
- To create a VAM scan you must first go to the scans dashboard as shown in the picture
- Then you click the New Scan button
- A modal then pops up to showcase the types of scans that can be conducted. Once a type is chosen, click next to proceed.
- Input fields are shown to be filled out to start a scan:
- Name - name of the organization
- Description - description of the scan
- Target - link of where the scan will be conducted, i.e www.example.com
- Once the information is filled out, click start scan. The newly created scan will be placed in the scans dashboard.
Scans Dashboard:
The scans dashboard provides a comprehensive overview of all ongoing scans, displaying the percentage of completion for each one. Additionally, it highlights the number of detected severities and vulnerabilities, offering a clear and detailed snapshot of the scan results.
- Clicking on the view button for a completed scan shows a full in-depth analysis on the results of the scan
Vulnerability Assessment and Management Dashboard:
- Offers a comprehensive overview of the organization's risk profile and vulnerabilities.
Vulnerability Score:
The total risk presented by vulnerabilities found in an organization's systems is measured by the Overall Vulnerability Score in a Vulnerability Assessment and Management (VAM). This score is the result of assessing various elements, including each vulnerability's criticality, possible impact, exploitation, and severity. Metrics like the Common Vulnerability Scoring System (CVSS) scores, which grade vulnerabilities according to their effect and ease of exploitation, are also included. The overall vulnerability score aids in prioritizing repair activities by offering a consolidated view of the organization's risk exposure. This helps direct resource allocation to address the most urgent security concerns and improve the organization's overall security.
Overall Vulnerability Score - Trend:
The Vulnerability Score Trend tracks changes in the overall vulnerability score over time, showing how the organization's risk posture evolves. This trend helps assess the effectiveness of remediation efforts, identify recurring issues, and evaluate long-term security strategies. By analyzing these trends, organizations can gauge improvements in their security posture and make informed decisions to enhance cybersecurity.
Vulnerability Scans:
Running Scans - Indicates how many scans are running
Completed Scans - Indicates how many scans were completed
Assets Scanned - Indicates how many assets were scanned
Vulnerabilities by Severity & Asset Type:
The charts displaying "Vulnerabilities by Severity" and "Vulnerabilities by Asset Type" provide a comprehensive breakdown of identified vulnerabilities within an organization. The "Vulnerabilities by Severity" chart categorizes vulnerabilities into critical, high, medium, low, and informational levels, offering a clear view of their distribution based on their severity. This classification helps in prioritizing remediation efforts according to the risk they pose. Meanwhile, the "Vulnerabilities by Asset Type" chart illustrates the count of vulnerabilities detected across various asset categories, such as web assets, network assets, and mobile assets. This chart allows organizations to understand which asset types are most vulnerable, facilitating targeted risk management and more effective allocation of security resources. By visualizing these metrics, the charts assist in identifying patterns and trends, ensuring a strategic approach to enhancing overall security posture.
- To view detailed information about each vulnerability and its scan location, click on any colored segment of the graph or chart. This action will open a modal displaying comprehensive details including the CVE identifier, severity level, target, asset name, and URL associated with the specific type of severity scanned.
Top CVEs Detected & Top Vulnerable Assets:
The Top CVEs Detected and Top Vulnerable Assets provide crucial insights into an organization's security posture by identifying prevalent vulnerabilities and at-risk assets. The Top CVEs Detected report highlights the most frequently found Common Vulnerabilities and Exposures (CVEs) within the organization, focusing attention on the most common and potentially severe vulnerabilities that need immediate remediation. In contrast, the Top Vulnerable Assets chart identifies which specific assets are most frequently affected by vulnerabilities. Together, these metrics enable organizations to prioritize their security efforts by addressing both the most critical vulnerabilities and the assets most susceptible to threats, thereby improving overall risk management and resource allocation.
- Clicking on one of the top vulnerable assets reveals a detailed scan history for that asset. This comprehensive view includes information such as the CVE identifier, severity level, CVSS score, URL, and asset name. Unlike the summary view, which displays only average severity, average rating, and the number of vulnerabilities scanned, this detailed view provides a deeper insight into each specific vulnerability associated with the asset.
If you need further assistance, kindly contact our support at info@cytechint.com for prompt assistance and guidance.
Virtual Penetration Testing
Overview
Welcome to the Virtual Penetration Testing module. In this section, you'll be guided through the process of using our virtual penetration testing tool. You'll learn how to:
Virtual penetration testing is a remote security assessment method designed to evaluate the vulnerabilities and weaknesses within digital environments, including web applications, networks, and systems. By simulating potential attacks using various tools and techniques, this method helps identify security flaws and assesses the effectiveness of current defenses. Unlike traditional in-person testing, virtual penetration testing is conducted over the internet, offering flexibility in testing locations and often reducing costs. The primary aim is to detect and address vulnerabilities before they can be exploited, providing valuable insights to enhance your organization’s security measures.
Navigate to the module
- Under the Attack Surface Management module, click on Virtual Penetration Testing (VPT)
Create a Penetration Test Scan
- To create a penetration test you must first go to the scans dashboard as shown in the picture
- Then you click on the Penetration Test icon to start a Penetration Test
- A modal then pops up where the information for the scan that will be tested is shown
- Once the information for the penetration test is filled out, click save scan. It then starts the scan and will be shown on the Scans Dashboard.
Penetration Test Scans Dashboard:
In the Penetration Test Scans dashboard, it shows all Penetration Tests that were conducted. It shows the completion of the test, whether it has finished the scan or not. It also shows the website where it has conducted the test as well as the different types of severity for the vulnerabilities & risks the penetration has scanned.
Virtual Penetration Testing Dashboard:
- Offers a comprehensive overview of the organization's risk profile and vulnerabilities.
Total Vulnerabilities Detected & Severity:
This section displays the total number of vulnerabilities detected during penetration tests, categorized by severity: informational, low, medium, high, and critical.
Penetration Activity:
The Penetration Activity section shows the amount of all the penetration tests that were conducted for an organization, all the web assets scanned, during penetration testing, as well as all the currently running penetration tests.
- Clicking on one of the sections of the penetration activity reveals a modal, which shows detailed information of the penetration tests conducted. For example, the modal for Total Penetration Test shows the target of the test, type, date, and the status of the penetration test conducted.
Penetration Graph:
In this section, a penetration graph is a visual tool that summarizes the results of security assessments. It typically displays various metrics, such as the distribution of vulnerabilities across different severity levels such as informational, low, medium, high, and critical. This provides a clear picture of the organization's risk profile. The graph may also track trends over time, showing changes in vulnerability counts and test status, and highlight which assets were scanned and the vulnerabilities detected per asset. This visualization aids in understanding the effectiveness of security measures, identifying areas needing improvement, and prioritizing remediation efforts based on severity and impact.
- Clicking on a severity type in the penetration graph triggers a modal that provides comprehensive details about the penetration test for the selected task source. This modal displays key information, including the total number of vulnerabilities detected and any critical assets identified. It also offers insights into the scan itself, such as the task source, vulnerability type, host, path, insertion point, and severity level.
Top Vulnerabilities Detected:
Top Vulnerabilities Detected provides a visual summary of the most critical vulnerabilities identified during the test. It typically ranks these vulnerabilities by severity or impact, highlighting which ones pose the greatest risk. The graph often categorizes vulnerabilities by type or affected system areas, such as web applications or network services, and may show their frequency of occurrence. This helps prioritize which vulnerabilities need immediate attention and provides insight into the overall risk landscape. Additionally, if the graph includes data over time or across different test phases, it can help track trends and assess whether security improvements are being made. Overall, this graph is an essential tool for understanding and addressing the most significant security threats uncovered in the penetration test.
- Clicking on any section of the graph triggers the display of a modal that provides detailed information about scans that have identified a top vulnerability. This modal presents a comprehensive overview, including the target of the scan, the type of vulnerability detected, the date of the penetration testing, and the current status of the vulnerability. This detailed view helps users understand the context and specifics of each detected vulnerability, facilitating more informed decision-making and prioritization.
Recent Penetration Test:
Recent Penetration Test refers to the latest assessments performed to evaluate the current security status of your system. These tests identify and analyze vulnerabilities, helping you understand recent threats and improvements. Reviewing recent tests ensures your defenses are up-to-date and aligned with the latest security risks.
Top Exploitable Assets:
Top Exploitable Assets refer to the most vulnerable components of your system identified as having the highest potential for exploitation by attackers. These assets are prioritized based on their risk level and ease of exploitation, helping you focus on addressing the most critical weaknesses to enhance your overall security.
To access detailed information about vulnerabilities from a penetration test, click on any item in the "Top Exploitable Assets" list. This action reveals a comprehensive view of the scan, including the types of vulnerabilities detected and their severity levels. The modal also displays scan details such as the start and end times, duration, and sources of the test. Additionally, it provides specifics on vulnerability types, affected hosts, paths, insertion points, and overall severity, offering a thorough understanding of the identified security issues.
If you need further assistance, kindly contact our support at info@cytechint.com for prompt assistance and guidance.