Demos

Attack Surface Analytics

• Discover a detailed analysis of all your assets to gain an overview of your inherent security risks in one screen.
• Filter target assets: domains, subdomains, IP address and IP blocks, and technologies to drill down and gain valuable intelligence about each asset.
• Find out which WAFs are enabled or disabled and the provider used, if an IP address is reachable or unreachable, which security certificates are active or inactive, or if you are using the latest version of TLS used, and more, to understand your inherent risks.

Azure DevOps, ServiceNow, and GitHub Integrations

• DevSecOps teams can address issues identified in BreachLock scans in real-time, seamlessly and effortlessly.
• Quickly access and act on the latest vulnerabilities without manual intervention, reducing lead-time for issue tracking.
• Centralize vulnerabilities and affected assets for prompt action and faster remediation, protecting assets from potential attacks.

Attack Path Validation & Mapping

• A comprehensive visualization showing the connections between different nodes representing assets, vulnerabilities, and the potential path an attacker may take.
• The domain is the core node on the attack path view and includes all domains, discovered subdomains, associated IP addresses, and identified vulnerabilities categorized by risk.
• Identify chokepoints or nodes that serve as pivotal points in multiple attack paths to prioritize remediation efforts on these nodes to immediately disrupt potential attacks.

Security Testing Overview

• Real-time, absolute transparent view of security testing environment and results.
• Easy consumption for CISOs and a holistic representation of exposed assets with specific vulnerabilities.

Attack Surface Management

Asset Discovery & Data Breach 

• Asset Discovery feature includes all assets discovered in Domain Discovery scans, or manually added into inventory, including details of associated vulnerabilities.
• Data Breach is user exposure within the domain on the Dark Web both with and without a password.

APT Scans

Continuous Security Testing

• Assets discovered for subdomain, IP address and/or asset group.
• Ability to initiate domain discovery or data breach scans, live or on-demand, to schedule date, time, and frequency of scans as you want  (Black Box test, Basic Authentication, and Login Sequence).
• Organizations can add as many assets as they would like for scanning.

Continuous Security Testing

Scheduled Scan Overview & Reporting

Scan Status

• Real-time cumulative view of scan status whether completed, in progress, scheduled, pending, or failed
• View asset details and vulnerabilities for scheduled on-demand scans
• Includes Domain Discovery & Data Breach scans on a domain(s), a web scan on a subdomain(s), and/or a network scan on an IP address(es)

Continuous Security Testing

Scheduled Scan Overview & Reporting

Scheduled Scans

• View all scheduled scans in one overview
• Cumulative view of scans that are completed or are scheduled
• Users have the ability to pause or resume a scan, or terminate a scheduled scan

Continuous Security Testing

Scheduled Scan Overview & Reporting

Reports for Completed Scheduled Scans

• Immediate reporting for all completed scheduled scans, whether ASM, web, or network
• No more searching for or requesting scan results
• Version reports based on your preferred scheduled frequency
• Track changes across different periods, offering deeper insights for thorough audits

Vulnerabilities

• Comprehensive and cumulative view of all vulnerabilities identified through security testing process, including automated rescans on all impacted assets.
• Includes vulnerability description, CVSS score and vector, remediation recommendation, assets impacted, vulnerable URLs, and a proof of concept (POC).

Reporting

ASM, Web Scan, Network Scan

• Flexibility to easily preview or generate reports based on selected reporting module.
• Reports can be generated for one or all modules including ASM, Web Scans (Subdomains and an Asset Group of a Subdomain type) and Network Scans (IP Addresses and Asset Group of IP Address type).

Asset Inventory

• All assets and asset groups are managed in the Asset Inventory dashboard.
• View asset, asset type, asset label (whether it was auto discovered or manually added) active or not active status, and category (patched, unpatched, or False Positive).
• Add an asset (subdomain, domain, or IP address), create asset groups, and import multiple assets.

PTaaS Overview

• Gain a real-time, comprehensive view of your penetration testing scope, the stage of the pentest or retest, and timelines such as start date and end date.
• Obtain an overview of each pentest to gain further information about the pentest and retest status.

PTaaS Dashboard

• The Dashboard view is part of your Asset Management process that identifies on a real-time basis, the IT assets that the user’s organization owns and the potential security risks and vulnerabilities that affect each asset.
• The Dashboard can also be viewed by executives to look at and identify their risk exposure and take informed decisions on which asset to remediate first.

PTaaS Vulnerabilities

• Presents a rolled-up view of each vulnerability identified, the type of vulnerability or name and associated severity risk, when it was identified or discovered, the number of assets affected by that specific vulnerability, and the ability to create a ticket to request support.
• A Proof of Concept or POC is included for each vulnerability to demonstrate it exists, where it was found, and is evidence that the vulnerability is not a false positive but actually a high risk to the organization.

PTaaS Schedule & Retest

• The Schedule and Retest features reveal a real-time, absolute transparent view of your penetration testing scope, pentest configurations, and the status of all pentests and retests.
• The Retest feature instantly provides a real-time view of all pentest retests that have been completed, and pentests whereby the retest expired or hasn’t been run yet. For those pentests that have not been run, the retest can simply expire, or the dashboard will provide the user with the number of days left in which they can run their free retest.