Penetration Testing Services Cloud Pentesting Penetration Network Pentesting Application Pentesting Web Application Pentesting Social Engineering January 7, 2025 On this page Integrate Your Asset Inventory: Managing Assets with the BreachLock Unified Platform Unify your security testing with the BreachLock Unified Platform consolidating all your product solutions and test findings. Leverage a common data model, validate attack paths, and map your entire attack surface – all in one place. BreachLock breaks down silos and connects solutions to deliver a unified view of your security landscape for comprehensive asset visibility. By leveraging the power of integration, BreachLock consolidates PTaaS, Attack Surface Management, continuous pentesting and automated scanning, as well as red teaming capabilities in one data model for endless clarity and reporting. Asset Inventory This Asset Inventory feature in the BreachLock Unified Platform represents a comprehensive catalog of all assets discovered within an organization’s digital environment, whether systems, devices, applications, APIs, and other assets. Asset Discovery serves as a foundational element for identifying and managing potential security risks by ensuring complete visibility into the attack surface. Asset inventory is a common compilation of discovered assets for both PTaaS and ASM. In the BreachLock Unified Platform, anything discovered during ASM – Asset/Domain discovery is automatically added to this inventory and if the client wants to add an asset manually, they can use this as a common repository of assets. Asset Inventory: Dashboard The Asset Inventory dashboard will provide a rolled-up, cumulative view of all assets discovered during security testing, whether through PTaaS, automated pentesting and continuous scanning, or red teaming. These will include all asset types and whether they were auto discovered during automated pentesting, or the asset was manually added by the user. The user will have the option to search for assets by name or to filter the assets. All Labels: Assets that were auto discovered or manually added or both. Active/Inactive: Assets that are Active or Inactive. Asset Type: Filter by subdomain, IP, URL, Mobile, Cloud, IoT device, and other (such as an API that was added as an asset by the user). Add Asset or Group Asset: Under Asset Inventory, users can also add an asset or group assets by asset group. Active assets refer to a registered domain that is part of the original scope or has been manually added by the user to Asset Discovery for scanning. If the user wishes to exclude or provision an asset, it can be marked as Inactive and will not be part of the continuous scanning process. The reason for this is so that users can determine and focus on what is most important as part of the attack surface discovery process – meaning those assets classified as “Active.” Asset Inventory: Add Asset Adding an asset is only one click away. Users can click on “Add an Asset” and select the asset or domain they’d like to scan and asset type. Under Asset type users can add another domain, subdomain, URL, IP, IoT device, a cloud, or mobile asset, and the asset name. Users can also add multiple assets by clicking on the “+” sign to add multiple assets by going through the same process. Any asset that is manually added will automatically be included in Asset Inventory under the applicable asset type. As an iOS Application was manually added, this asset will now appear under Asset Inventory under Asset Type: Mobile. Added Asset Appears in Asset Inventory Automated Pentesting & Scanning: APIs Users can also import bulk assets by uploading a file or downloading the sample template and providing the asset information for bulk import. Any asset can be added, such as an API, as discovery is not limited only to what BreachLock uncovers. So, if users would like to add an API or multiple APIs for scanning, they can do so. Users can add as many additional assets that they would like as part of the attack surface discovery and scanning process. Asset Discovery: Create Asset Group Users can also group similar asset for easy categorization by Creating an Asset Group. A list of assets will appear whereby the user can group like assets together into a group. The user would determine the group name, select the domain or IP, and a description of the group to be created. Asset Discovery: Deactivate an Asset Users can also move an asset from Active to Inactive (or Deactivate) and remove the asset from further scanning. Simply Deactivate an asset by clicking on the box a next the asset or select the Action button to the far right of the asset. Asset Discovery: Edit an Asset Lastly, another user option is to Edit an asset. Users can just click on edit and modify the asset name and alias – or give the asset an alias – and asset type. In conclusion, Asset Inventory provides a clear understanding of what assets need to be protected, enabling security teams to: Identify vulnerabilities in known and unknown assets. Prioritize testing and mitigation efforts based on risk. Monitor for unauthorized changes or Shadow IT (unapproved systems or applications). Meet compliance requirements by documenting and managing assets effectively. By maintaining an up-to-date and accurate Asset Inventory, organizations can better defend against potential threats and streamline their security testing efforts. Watch all demos of The BreachLock Unified Platform here. Author Ann Chesbrough Vice President of Product Marketing, BreachLock Industry recognitions we have earned Tell us about your requirements and we will respond within 24 hours. Fill out the form below to let us know your requirements. We will contact you to determine if BreachLock is right for your business or organization.