DPT is about giving the client context for the risks associated to the vulnerabilities found either individually, collectively or specifically to a host, data set or system. Using the CNS Risk Profiling Algorithm, customer-centric risk factors, industry information and the CNS Cyber Intelligence Network we are able to identify and prioritise where the clients precious resources should be sent in order to get maximum risk reduction for minimum effort.
Our Dynamic Penetration Testing (DPT) service answers this security deficit, by enabling companies to gain regular updates on the status of their security. The clever software interface aggregates multiple strands of security information, displaying it in an intuitive, easily accessible portal. DPT is about giving our client’s context, for the risks associated to the vulnerabilities found either individually, collectively or specifically to a host data set or system.
Using the unique CNS Risk Profiling Algorithm, customer-centric risk factors, industry information and the CNS Cyber Intelligence Network, we are able to identify and prioritise where the client’s precious resources should be sent in order to get maximum risk reduction for minimum effort. DPT allows us to provide organisations with continuous assurance that their networks are secure.
What does peace of mind look like?
Here are some screen shots of the DPT interface, outlining its current functionality as well as recent additions available to our clients.
A real time graphing of risk score changes – Giving users up to the minute information on
changes that are occurring, whilst providing contextual information on issues that have occurred
previously.
Risk overview - Breakdown of risk points by area, including real time graph, and list of all
hosts within that area, and all issues affecting those hosts. The information provided gives
the user a detailed understanding of the risk environment at a glance.
SSL Issues - Various SSL issues now include list of non-compliant SSL ciphers to help with
remediation of SSL/TLS config. These lists are updated every time a host is scanned –
The user receives relevant information on SSLs including what remediation needs to
be put in place to alleviate the risk.
Software Vulnerabilities - If an out of date piece of software is detected, then its version number
is shown to help track it down, alongside the recommended "fixed" version.
Regression - If an issue was closed, then detected again at a later date, it is flagged as a regression,
rather than a new issue, this can be handy in detecting failures of procedure, where a host VM has
been rolled back to an earlier version, or where a gold image has not been updated.
Effectively flagging issues - Any issues can now be flagged using "Request clarification". We've added a new button added in both the issues list and the issue page itself. When someone flags one or more issues needing clarification, an email alert is sent to the CNS Pen Test team, who will log in and answer these queries.
So,for example, if you post a comment asking 'Hi what does 'x' mean on our report', you can then click the button (bottom right) flagging it for a clarification request, and our team will respond.
