One Source of Truth: Simplifying Vulnerability Management and Insights with the BreachLock Unified Platform

January 7, 2025

Unify your security testing with one seamless platform that consolidates all your product solutions and test findings. Leverage a common data model, validate attack paths, and map your entire attack surface, all in one place.

BreachLock breaks down silos and connects solutions to deliver a unified view of your security landscape for comprehensive asset visibility. By leveraging the power of integration, BreachLock consolidates PTaaS, Attack Surface Management, continuous pentesting and automated scanning, as well as red teaming capabilities, in one data model for clarity and reporting. Unlock unparalleled operational efficiency, gain crystal-clear transparency, maximize the impact of your security testing, and confidently measure ROI, all with a comprehensive, centralized view of your security investments and outcomes.

The BreachLock Unified Platform consolidates vulnerabilities through Attack Surface Discovery, providing the following:

Holistic Visibility: Provides a complete view of the attack surface, enhancing remediation efficacy.
Improved Remediation: A centralized platform allows for targeted mitigation, addressing the most critical vulnerabilities first.
Streamlined Management: Eliminates silos, enabling seamless workflows and faster vulnerability resolution.
Proactive Risk Reduction: Identifies trends and risks early to prevent breaches before they escalate.
Data-Driven Decisions: Offers actionable insights to prioritize vulnerabilities based on severity and business impact.
Enhanced Compliance: Simplifies audits and reporting, ensuring adherence to industry standards.
Efficient Resource Use: Reduces duplication of effort, focusing teams on high-priority activities like patching.
Scalability: Adapts to dynamic infrastructures, including cloud, IoT, and remote endpoints.

ASM Vulnerabilities

The Vulnerabilities feature focuses specifically on risk discovered across all assets through the attack surface discovery process. It provides a comprehensive, cumulative view of the results of all scans, together with the user’s ability to rescan vulnerabilities to check mitigation efficacy. This unified visibility eliminates blind spots, including overlooked or misconfigured assets, enabling security teams to focus on high-priority areas.

VULNERABILITIES: Overview

Upon logging in to the BreachLock Unified Platform, the left panel lists the overall platform features. Under the main dashboard is ASM, with a drop-down menu for all analytics associated with external (EASM) and internal (supported by PTaaS) scans. The last tab under ASM is “Vulnerabilities”, a rolled-up view of all vulnerabilities discovered through the attack surface discovery process.

Discovered vulnerabilities are itemized. Each entry includes the name of the vulnerability, its risk severity (Critical, High, Medium, Low, or Informational), the assets impacted by that vulnerability, when the vulnerability was identified, and the ability to trigger a rescan. The user can search by a specific vulnerability, by risk, or by mitigation status.

VULNERABILITIES: Search & Filters

The vulnerability overview has three search and filter capabilities that allow the user to sift through vulnerabilities with ease:

Search Bar: Search for a vulnerability by name.
All Risks: A pull-down menu that allows users to filter vulnerabilities by risk severity.
Unpatched: A pull-down menu that allows users to filter vulnerabilities by mitigation status: unpatched, patched, or false positive.

Risk represents the distribution of vulnerabilities BreachLock experts have identified, classified by severity.
Under “All Risks”, the user can filter by:

Critical: A vulnerability representing the most severe level of threat, where exploitation is likely.
High: Severe vulnerabilities that are typically less devastating than Critical ones, but whose exploitation could significantly compromise systems.
Medium: Risks that can cause harm but are less likely to be exploitable or have a lower overall impact.
Low: Vulnerabilities with minor security implications or that are difficult to exploit.
Informational: Indicates a vulnerability that might only provide details about system behavior or configuration, to improve security awareness.

Adjacent to the “All Risks” tab is another drop-down menu in which the user can filter by:

Unpatched: Vulnerabilities that have not yet been patched, updated, or mitigated.
Patched: Vulnerabilities that have been patched.
False Positive: Vulnerabilities that have been classified as a false positive by the user.

As mentioned in the Dashboard Overview demo, users have the ability to mark a vulnerability as a false positive. However, please note that this is very rare, as BreachLock guarantees a 99% false positive rate. Moreover, vulnerability details will include Proofs of Concept (POCs), or evidence that the vulnerability is a true positive.

VULNERABILITIES: Vulnerability Details

Users are able to explore the discovered vulnerabilities more deeply in two ways: either by first filtering for the vulnerabilities they’d like to view by risk severity, or by simply clicking on the vulnerability line item. Here you will find all the vulnerability details and contextual data, starting with:

Risk Severity
Name of Vulnerability
# of Assets Impacted
CVSS Score
CVSS Vector (BreachLock supports both CVSS 3 and CVSS 4)
Vulnerability Description: This includes a description of the vulnerability itself, where it may have originated, and the potential impact if no action is taken.
So, we are not just providing a line item; it is part of a rolled-up view for better consumption of how many assets are affected by those specific vulnerabilities.

Remediation Recommendation: An expert recommendation for remediation of the vulnerability.

Assets Impacted: Each asset is labeled according to whether the vulnerability has been identified on it for the first time (“New Discovered”) or has been seen before and is found again on this asset (“Rediscovered”). So, for example, if it is discovered for the first time, it is labeled “New Discovered”, and our experts will let the client know it is a newly discovered vulnerability that should appear on their radar as new. A newly discovered vulnerability can be reported as new multiple times, because each time it is associated with another asset; for example, two different assets could be impacted by the same vulnerability, and on each asset it is a new vulnerability seen for the first time. In this case there is only one asset impacted.

By clicking on each asset, you will find the vulnerability history on the impacted asset. This includes whether the vulnerability is new or rediscovered, any updated findings, URLs that may be vulnerable, and a description of the vulnerability.

Proof of Concept (POC): A POC is concrete evidence of the vulnerability, demonstrating that it is not a false positive but a true positive.

VULNERABILITIES: Marking as a False Positive

If, for some reason, the user views an informational risk, they can either leave it as part of asset discovery or classify it as “False Positive” to focus on the vulnerabilities that matter most. The user can click on the vulnerability and the same vulnerability details view will pop up. The user can review all the details and assets impacted and may determine, for example, that none of them are false positives.
However, if the user wants to mark a vulnerability as a false positive, they click on the box next to the asset and then on the “False Positive” box above. Doing so takes the user back to the main screen, where a green box pops up in the right corner stating that the vulnerability has been marked as a “false positive.” Now, when the user filters for false positive vulnerabilities, that vulnerability will appear under the “False Positive” category.

VULNERABILITIES: Automated Rescan

Off to the far right of each vulnerability is an “Automated Rescan” box. By clicking on this, the user triggers the scan on all impacted assets, and validation checks are executed for that vulnerability only.

Again, if a vulnerability is discovered for the first time, it is labeled “Newly Discovered”. If a vulnerability is discovered in further scans or automated rescans, it is labeled “Rediscovered”. If the vulnerability is not discovered in further scans, it moves to “Patched” vulnerabilities.

By clicking on “Automated Rescan”, a green box will appear in the upper right stating “Automated rescan for request sent successfully.” The box then turns gray, meaning the automated rescan has been initiated. Rescans are often initiated to ensure that the vulnerability has been mitigated effectively and that the controls put in place are working. If this is the case, the vulnerability will move to “Patched” vulnerabilities.

By consolidating assets, vulnerabilities, and test findings in one unified platform, organizations eliminate the inefficiencies of switching between multiple tools and systems, centralizing automated workflows across all solutions and accelerating the remediation and reporting processes.
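The labelling rules described above (“New Discovered” on first sight, “Rediscovered” on later scans, “Patched” when a rescan no longer finds it), the per-asset history from the Vulnerability Details section, and the search, All Risks and mitigation-status filters from the Search & Filters section, as an added example in Python. This is an illustration written for this page, not BreachLock’s code, and it assumes that the labels are derived per (vulnerability, asset) pair from successive scans and that a per-vulnerability rescan covers exactly the assets already impacted by that vulnerability. The vulnerability names, hostnames and scan results in demo() are constructed sample data.

```python
"""Finding lifecycle for a rolled-up vulnerability list (added illustration, not
BreachLock code). Labels are derived per (vulnerability, asset) pair from
successive scans; all scan results in demo() are constructed sample data."""
from dataclasses import dataclass, field

SEVERITIES = ("Critical", "High", "Medium", "Low", "Informational")
NEW, REDISCOVERED, PATCHED = "New Discovered", "Rediscovered", "Patched"


@dataclass
class AssetFinding:
    asset: str
    status: str                                  # NEW, REDISCOVERED or PATCHED
    false_positive: bool = False                 # set by the user, never by a scan
    history: list = field(default_factory=list)  # status after each scan touching it


@dataclass
class Vulnerability:
    name: str
    severity: str
    assets: dict = field(default_factory=dict)   # asset -> AssetFinding


class VulnerabilityRegister:
    def __init__(self):
        self.vulns = {}                          # name -> Vulnerability (cumulative)

    def ingest(self, results, scanned_assets, only_vuln=None):
        """Apply one scan. results: (vuln_name, severity, asset) tuples it reported.
        scanned_assets: every asset it covered, so an open finding there that is not
        reported again becomes Patched. only_vuln: limit the update to one vulnerability."""
        seen = set()
        for name, severity, asset in results:
            if only_vuln is not None and name != only_vuln:
                continue
            vuln = self.vulns.setdefault(name, Vulnerability(name, severity))
            finding = vuln.assets.get(asset)
            if finding is None:                  # first time on this asset
                finding = AssetFinding(asset, NEW)
                vuln.assets[asset] = finding
            else:                                # seen before on this asset
                finding.status = REDISCOVERED
            finding.history.append(finding.status)
            seen.add((name, asset))
        for vuln in self.vulns.values():         # open findings that did not come back
            if only_vuln is not None and vuln.name != only_vuln:
                continue
            for f in vuln.assets.values():
                if (f.asset in scanned_assets and (vuln.name, f.asset) not in seen
                        and f.status != PATCHED):
                    f.status = PATCHED
                    f.history.append(PATCHED)

    def rescan(self, name, results):             # automated rescan: that vulnerability only
        self.ingest(results, set(self.vulns[name].assets), only_vuln=name)

    def mark_false_positive(self, name, asset):
        self.vulns[name].assets[asset].false_positive = True

    @staticmethod
    def _matches(finding, status):
        if status == "False Positive":
            return finding.false_positive
        if finding.false_positive:               # FPs drop out of the other views
            return False
        if status == "Patched":
            return finding.status == PATCHED
        return finding.status != PATCHED         # Unpatched = New or Rediscovered

    def overview(self, risk=None, status="Unpatched", search=""):
        """Rolled-up rows (name, severity, assets impacted), like the Vulnerabilities
        list after the search bar, All Risks and mitigation-status filters."""
        rows = []
        for vuln in self.vulns.values():
            if risk is not None and vuln.severity != risk:
                continue
            if search.lower() not in vuln.name.lower():
                continue
            n = sum(1 for f in vuln.assets.values() if self._matches(f, status))
            if n:
                rows.append((vuln.name, vuln.severity, n))
        rows.sort(key=lambda r: (SEVERITIES.index(r[1]), r[0]))  # most severe first
        return rows


def demo():
    """Constructed scenario: a discovery scan, then a per-vulnerability rescan."""
    reg = VulnerabilityRegister()
    reg.ingest([
        ("TLS 1.0 enabled", "Medium", "web-01.example.test"),
        ("TLS 1.0 enabled", "Medium", "web-02.example.test"),  # same vuln, 2nd asset: also New
        ("Outdated jQuery", "Low", "web-01.example.test"),
        ("Server banner disclosure", "Informational", "web-02.example.test"),
    ], {"web-01.example.test", "web-02.example.test"})
    # Rescan the TLS finding only: web-01 has been fixed, web-02 still reports it.
    reg.rescan("TLS 1.0 enabled", [("TLS 1.0 enabled", "Medium", "web-02.example.test")])
    reg.mark_false_positive("Server banner disclosure", "web-02.example.test")
    return reg
```

After demo(), the default Unpatched view shows one TLS 1.0 asset (web-02, now Rediscovered) and one Outdated jQuery asset, the Patched view shows web-01 for TLS 1.0, and the banner finding appears only under False Positive; the jQuery finding is untouched by the rescan because the rescan was scoped to a single vulnerability.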
With findings all in one place, the BreachLock Unified Platform unifies analytics and shares insights across DevSecOps teams, enabling faster decision-making based on real threats and their potential impact. With high-fidelity data, users can better understand vulnerable assets and why they may be business critical.

Watch all demos of the BreachLock Unified Platform here.

Author: Ann Chesbrough, Vice President of Product Marketing, BreachLock