CyVision.net is cybersecurity, simplified

Smarter. Faster. Cheaper.

CyVision.net is a cost-effective, nimble, adaptable and automated network visualization and modeling tool that helps system administrators manage endpoints proactively and defend their cyber-environments from a wide variety of attacks in a way no other tool does, utilizing open and agnostic architecture.

CyVision differentiators

  • We combine multitudes of data sources, correlate that data, perform analysis and visualize to detect and illuminate adversaries and vulnerabilities.

  • We have automated about 90% of vulnerability assessments; 60% of Pen Tests - assessing all implemented information security controls as frequently as needed using manual procedural methods is impractical and unrealistic due to the sheer size, complexity, and scope of their technology footprint.

  • Firmware scanning – deep dive into a spectrum of firmware for Windows, Linux, VM, Cisco and Intel.

  • We automatically calculate the consequence of a vulnerability (following the NIST Risk Equation) and thus create a prioritization of vulnerabilities requiring remediation.

Traditional Pen Test vs. CyVision Plus Capability

A penetration test is an authorized simulated attack on a computer system, performed to evaluate the security of the system. The test is performed to identify both weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths, enabling a full risk assessment to be completed.

The process typically identifies the target systems and a particular goal – then reviews available information and undertakes various means to attain the goal. A penetration test can help determine whether a system is vulnerable to attack if the defenses were sufficient, and which defenses (if any) the test defeated.

The goals of a penetration test vary depending on the type of approved activity for any given engagement with the primary goal focused on finding vulnerabilities that could be exploited by a nefarious actor and informing the client of those vulnerabilities along with recommended mitigation strategies. Penetration tests are a component of a full security audit.

Let’s be specific

Traditional penetration tests include reconnaissance and technical vulnerability identification and exploitation. The exploitation phase is a manual phase verifying the validity of vulnerabilities identified during an earlier phase of the engagement. CyVision with associated technologies has automated the technical vulnerability identification phase.

pentest_cauldron.jpg

The table on the right is a breakdown of the functions of traditional pen testing.

It is important to remember that data gathering is a critical function, yet a task that does not require a Subject Matter Expert (SME).  The integration of varied data sets is a critical SME activity. The larger and more complex the environment, the more time consuming this task may become.

CyVision Plus automates the data ingestion process and provides the SME with functionality to accelerate analysis and reporting.

In addition, traditional penetration tests have an open source reconnaissance phase (OSINT). The OSINT is foundational work that provides information on things like possible technologies in use, login credentials, organizational structure, personal information, etc. Besides aiding the technical attacks, some of this recon information can be leveraged for phishing attacks. Finally, most of the reports for a traditional penetration test are created manually to capture the additional information gathered during the manual field work.

The CyVision Plus Capability does not include any of the manual field work, which includes OSINT, gaining access, maintaining access, obtaining artifacts, and clean-up. CyVision Plus leverages vulnerability scanning information to provide the client with host discovery, and vulnerability identification.

Topological vulnerability analysis is what separates CyVision from other technical vulnerability solutions. An added capability to the CyVision process is identifying potential exploits associated with the found vulnerabilities. CyVision Plus does not attempt exploits. Therefore, CyVision Plus only identifies possible exploits, but cannot validate their usefulness.

The CyVision Plus reports are automated because they do not rely on any information obtained through manual processes.

The manual field work is the reason a traditional penetration test takes three to four times as long to complete compared to CyVision Plus. A traditional penetration test engagement typically is scheduled for 120 to 160 hours. CyVision Plus takes approximately 40 hours to complete. The majority of these hours involves validating the reports because we want to provide accurate and valuable information, so the client can perform remediation activities efficiently.

To arrange for a demonstration of CyVision, e-mail Jack Touhey (jftouhey@clinicalsecurity.net) or call him directly at 401-480-9224.