Here at NetSPI, we see firsthand the struggles enterprises face to fix vulnerabilities. It’s concerning when our pentesters and customers continue to find the same vulnerabilities that have yet to be remediated – at the same client, year after year.
The struggle faced by enterprises in managing vulnerabilities is not limited to manual penetration testing results. Scanners find millions of vulnerabilities in our customer environments, and we see the sheer volume overwhelming their remediation efforts. Even if 99% of assets can be fixed within a reasonable time-frame, a dangerous window of opportunity is allowed to persist if the last 1% lingers.
We’re taking action to help our customers solve this challenge. Fortunately, we have a solid foundation from which to tackle the problem.
Our own penetration testing platform, NetSPI Resolve 6, was built for the purpose of managing our own penetration testing process. The Resolve software platform has given NetSPI the competitive edge in pentesting by allowing our pentesters to spend more time on testing and less time on overhead tasks.
Resolve works by:
- Ingesting vulnerabilities from any source: scanners and manual pentesting reports
- Normalizing the definition of the vulnerabilities to a standard rubric
- Correlating the vulnerabilities to de-duplicate and compress the findings
- Automatically generating reports
Customers have approached us about whether they could use Resolve in their own environments to help them conquer their challenges. We agreed. Since that time, we’ve licensed the use of the Resolve platform to the benefit of many organizations, especially those with pentesters.
Now we’re taking the next step. You see, Resolve wasn’t built for vulnerability management and orchestration, which is the key need facing the majority of our customers.
So we’re leveraging the great features of Resolve 6 we at NetSPI use to manage pentesting and expanding the platform to serve the larger vulnerability management and orchestration market. For the past year, we’ve been rebuilding the Resolve platform for the next generation, Resolve 7.
Resolve 7 will be a service-oriented architecture that scales to the massive data needs of our customers. It will be web-based, using a virtual appliance for easy deployment. We are adding more administration features, such as field-level role-based access control (RBAC) permissions, granular security groups, and single sign-on (SSO) support, to make the platform enterprise-ready out of the box. We’ve added a vulnerability orchestration component with an integration engine to complement the powerful vulnerability correlation engine. And we’re building a new user interface with expanded capabilities for reporting and business intelligence visualizations.
We’re building Resolve 7 for you – so you can help stem the tide of your vulnerability flood. We’ll showcase new features of Resolve in coming posts, so stay tuned.