I bet you there’s no better way to view your security data

Written By Shannon Simpson

Here’s a challenge for you. If you can show me another platform, software or service that allows you to view, in one pane of glass:

  • all of your penetration test results across all of your applications, network hosts, virtual hosts, cloud environments and systems

  • all of you vulnerability scan results across all of you applications, network hosts, virtual hosts, cloud environments and systems

  • risk and business prioritised remediation actions by system and delegate

  • a scoreboard of which fixers and remediators are making the most impact in securing your business

  • a chatboard for pentester and fixers to discuss issues and fixes

  • an achievements board for rewarding the efforts of fixers/ sysadmins

  • a dashboard to track risk-reduction and risk-acceptance by individual risk owner

  • a dashboard to track average time to fix

  • a dashboard to track overall risk by Total CVSS score and risk-based penetration issues

  • whether or not you will pass CE, CE+ or PCI (from a vulnerability aspect)

with the level of detail that PLANETPENTEST does, then I shall eat an object of your choice butt-naked in the snow.

Just to give you a fair chance, and for full disclosure you should be aware that PLANETPENTEST show’s ALOT of data: See below

Close up of a planet(host) on PLANETPENTEST. (IRO = Individual Risk Owner)

And it does this for any kind of host, system or environment. Like below:

Multiple environments shown on a single pane.

It will also show you the needles in the hay stack for 1000s of hosts (planets, IP address etc). Like below:

A view showing insecure hosts in a galaxy of 3000 planets.

All of this data is injested from mutliple sources (primarilary from your penetration test partner*) and shows the latest state of play meaning you’ll be able to see:

  • whether patches and fixes have been implemented

  • whether issues and vulnerabilities are recurring

  • who is acting reactively and proactively

  • where and if your resources are being deployed in the most effective way

  • a full inventory of all scanned assets

  • which assets have been scanned but not tested (and visa versa)

  • which assets are due a scan or test (or have been missed)

  • where risk responsibility lies between departments and teams(or maybe between client and MSP)

…and that’s just to start with.

So as of this date, I don’t believe you’ve got a chance of winning. I think, in the small chance of us getting any snow, I’ll be safely at home, trousers up, with a cup of tea for sometime.

(* currently PLANETPENTEST injests penetration test results from a limited number of reporting tools. We’re keen to build out the list and will write APIs for your reporting tool - just get in touch)

Shannon Simpson
Previous

Visually highlighting flaws and vulnerabilities - how to tidy your universe
Next

Increasing the relevance and value of Penetration Testing (why don’t people fix issues?)