The BreachLock Platform offers a proprietary standardized, built-in framework that serves as a safeguard for precision and quality, automating routine tasks like report formatting, proof of concept integration, and basic vulnerability identification.
BreachLock offers continuous pentesting that is automated, and human-led manual pentesting conducted by BreachLock OSCP, OSCE, and CREST-certified pentesting experts. Both solutions provide our clients with the flexibility and versatility to choose the solutions that best align with their business and security requirements. BreachLock recommends a hybrid approach or a combination of both continuous and manual pentesting for the best outcomes.
Asset Discovery feature includes all assets discovered in Domain Discovery scans, or manually added into inventory, including details of associated vulnerabilities.
Data Breach is user exposure within the domain on the Dark Web both with and without a password.
Assets discovered for subdomain, IP address and/or asset group.
Ability to initiate domain discovery or data breach scans, live or on-demand, to schedule date, time, and frequency of scans as you want (Black Box test, Basic Authentication, and Login Sequence).
Organizations can add as many assets as they would like for scanning.
Comprehensive and cumulative view of all vulnerabilities identified through security testing process, including automated rescans on all impacted assets.
Includes vulnerability description, CVSS score and vector, remediation recommendation, assets impacted, vulnerable URLs, and a proof of concept (POC).
Flexibility to easily preview or generate reports based on selected reporting module.
Reports can be generated for one or all modules including ASM, Web Scans (Subdomains and an Asset Group of a Subdomain type) and Network Scans (IP Addresses and Asset Group of IP Address type).
All assets and asset groups are managed in the Asset Inventory dashboard.
View asset, asset type, asset label (whether it was auto discovered or manually added) active or not active status, and category (patched, unpatched, or False Positive).
Add an asset (subdomain, domain, or IP address), create asset groups, and import multiple assets.
Gain a real-time, comprehensive view of your penetration testing scope, the stage of the pentest or retest, and timelines such as start date and end date.
Obtain an overview of each pentest to gain further information about the pentest and retest status.
The Dashboard view is part of your Asset Management process that identifies on a real-time basis, the IT assets that the user’s organization owns and the potential security risks and vulnerabilities that affect each asset.
The Dashboard can also be viewed by executives to look at and identify their risk exposure and take informed decisions on which asset to remediate first.
Presents a rolled-up view of each vulnerability identified, the type of vulnerability or name and associated severity risk, when it was identified or discovered, the number of assets affected by that specific vulnerability, and the ability to create a ticket to request support.
A Proof of Concept or POC is included for each vulnerability to demonstrate it exists, where it was found, and is evidence that the vulnerability is not a false positive but actually a high risk to the organization.
The Schedule and Retest features reveal a real-time, absolute transparent view of your penetration testing scope, pentest configurations, and the status of all pentests and retests.
The Retest feature instantly provides a real-time view of all pentest retests that have been completed, and pentests whereby the retest expired or hasn’t been run yet. For those pentests that have not been run, the retest can simply expire, or the dashboard will provide the user with the number of days left in which they can run their free retest.
