A Journey into Smart Vulnerability Management War Room

Introduction – A Peek Inside the War Room

Throughout the Edgescan Thought Leadership series, we have been looking at innovative ways for the Enterprise to take “Smart” approaches to managing their Vulnerability Management (VM) and Attack Surface Management (ASM) programs. We have seen the benefits of a full-stack VM program that leverages a hybrid model, with human validation and remediation expertise integrated into one platform and communicated through a single touchstone of truth. In this paper, we turn our focus inward to the Edgescan Platform itself and the environment of its expert security consultants, and take a virtual tour through the optimal “War Room”. We lead with a provocative question: what if you, the CISO, could create the ideal war room to make your enterprise secure? As we shall see, the founders of Edgescan were not only poised to answer this question; they actually built the solution. Let’s take a dive into their war room and learn from their example.

Back to the Future: 2014

The initial idea and prototype work began in 2014; the first viable version followed a year and a half later, in 2016, and the first enterprise-ready version was launched in 2017. So while it took three years to build the solution, it was the founders’ more than 30 years of combined in-the-trenches enterprise security consulting that fuelled the entire approach.

“If NASA built a Smart Vulnerability Management War Room – what would it look like?”


Core Innovation – Orchestration

Over 30 years of combined security consulting experience produced a considerable list of everything that needed to be integrated into a single platform. Orchestrating the integration of all the data fed from the evolving attack surface, and of the vulnerabilities from each IT layer, proved to be the core problem to solve.

Some of the high-level orchestration components include:

  • Full Stack Orchestration – scanners had to be tuned for each layer, from web apps to network to APIs.
  • Human Intelligence Integration – to achieve both scale and depth, tuned automated scanning needed to be blended and balanced with expert human remediation and false-positive removal.
  • Continuity – the assessments themselves had to be continuous or on demand, and unlimited.
  • ASM and VM Convergence – continuous scanning for vulnerabilities and continuous identification of the attack surface had to converge into one.
  • Alerts – the system needed to generate metrics, both security alerts and business-ranked intelligence, across every layer into one unified interface.
  • Administrative Layer – each client needed a dedicated cloud control instance, each connected to a virtual machine to support non-public-facing assessments, with a dedicated tunnel from Edgescan to each client carrying scanning, validation and assessment data.
  • Client Privacy – the client needed to control the access attributes for their situation, so that they essentially control what Edgescan can see.
  • Client Operational Integration – the client connects using APIs (e.g. for DevOps or automated assessment projects).

The fundamental insight for the Edgescan War Room was a master bus orchestrating all the data types across the entire IT stack.


Best of Both Worlds – Human Interpretation and Automation

One fundamental requirement was the need to deal with the noise generated even by scanners tuned for each layer of the IT stack. Traditionally, noise (i.e. false positives) is a problem for automated scanning. The decisive solution was to bring in human expertise to triage and remove the noise before alerts were communicated to the client.

Capturing Client Individual Business Concerns

The goal from the start was to offer contextualized industry-specific intelligence. The war room was designed to deploy client-specific custom rules for vulnerability assessment. Expert validation comes into play to detect a logical weakness – something automation still cannot identify.

White Glove Service

The human side of the Edgescan War Room can initiate escalation workflows for ongoing, proactive security support. They can proactively alert the client about a major ransomware attack and provide specific guidance. Human experts can set up recurring custom schedules to go through specific vulnerabilities individually, prioritize them within the client’s business context, and weigh the complexity of the fix against the severity of the issue.

“While the human experts within the war room primarily provide false positive removal, the Global 3000 Enterprise also has a trusted world-class penetration tester on their side via Edgescan.”


ASM Meets VM

Integrating automated attack surface scanning engines was equally revolutionary, and Edgescan has been delivering ASM since 2016. Without ongoing knowledge of what avenues of attack exist, the CISO is flying blind.

Delivering Smart ASM to the Global 3000 Has Its Own Challenges

Each Edgescan client has its own ASM solution. By leveraging the global cloud, ASM can be worked from multiple locations simultaneously; Edgescan on AWS maintains a presence across the world. To address privacy concerns, the data is held in multiple failover locations within northern Europe, where privacy laws are very strong.

Integrating ASM with Hybrid Full Stack VM Completes the Puzzle

The ideal war room was designed from scratch. The new paradigm integrates tuned automated engines with business-contextualized alerts across the entire IT stack, and combines them with human validation and remediation for the client’s operations teams. By integrating ASM, the complete VM solution is married to continuous and complete visibility of the evolving attack surface, and the war room is complete.

“If you are only capturing incidents across a partial view of your entire attack surface, then the cards are stacked against you right from the start”


Cloud and the Complexity of Data Processing

Best-of-breed technologies leveraged include cloud hosting, the Ruby on Rails web-application framework, and Redis in-memory data structures. The sheer volume and complexity of the data proved to be the largest challenge.

Early Bumps in the Road

Azure Cloud Computing Services proved not to be a fit as it was blocking legitimate traffic. A quick pivot to Amazon Web Services (AWS) remediated the issue.

Can the Engines Handle It Captain?

Redis was deployed because the volume of the data was a concern and the war room required very fast access to it. Data from multiple web app scanning engines, plus network scanning across all device types, meant a large master bus with complex data types and large volumes.

Cost vs Performance

Costs for cloud computing services have gone up significantly (10X). The system was designed to auto-scale when one area was busy and to move seamlessly from one instance to another as traffic scales.

“We knew tying all vulnerability detection data sources into one seamless platform was the right approach – but then we had to solve the data volume and complexity issue when processing all of it in a single master bus.”


Global 3000 Enterprise Requirements

The requirements list for the ideal hybrid VM solution against the needs of a Global 3000 Enterprise was broad and deep. Some highlights include:

Time Zones: global means global, so through staggered, 100% in-house operations the service follows the sun.

Disaster Management: resilient zones across Europe, with a two- to three-second return to service after any failure.

Performance: no lag for human operations.

Contextualized Alerts: custom alerts that make sense for particular client needs and the industry they operate within.

Integration with Enterprise Support Systems: ranked alerts are automatically communicated in the formats the client’s operational support teams already use (IM, tickets, email, etc.).

Prioritization of Assets: the system had to be pre-built to allow asset types to be prioritized against what matters most to each client’s business.

Modular Platform: the solution needed to be adaptable to accommodate clients who only need a subset of the services on offer, or who want to scale up to the full platform over time.

Client Self-Service: clients can configure which alerts (network, web apps, API, etc.) and which locations (e.g. a North American server) are alerted on.

“For the Global 3000 Enterprise, the ideal war room does not measure success simply by number of vulnerabilities identified but by the number getting closed.”


UX – Showing What Matters

Another requirement for the ideal war room was visual in nature. If the continuous, accurate and complete vulnerability intelligence data was not easily accessible, then effective remediation would be challenging. This novel approach demanded an innovative user interface to show what matters to each client.

We Won an Award!

It was extremely gratifying to win the Good Design Award for User Interface Design in 2020.

Not Simply a Beauty Contest

The main challenge was to display a large amount of information from scanning and vulnerability identification while at the same time showing exactly what customers need to see. They needed to see what mattered to them in an environment free of clutter and non-essential information. This in turn saves a great deal of time and improves the efficiency of remediating important issues.

“The requirement was a matter of decluttering – show me what matters simply and quickly.”


Staffing up the War Room

The war room is staffed fully in-house and is located in Dublin. To meet the Global 3000 Enterprise requirements, including follow-the-sun support, the specialists all work remotely.

Layered Expertise

The war room is built with tiers of testers including:

  • Expert Penetration Testers with OSCP, CREST, CSP, GIAC Certifications.
  • Red Teaming Specialists.
  • Software Security Engineers to provide pragmatic advice.
  • Penetration Testers with Secure Coding Skills.
  • Subject matter experts for specific technology stacks.

Team members are expert, seasoned penetration testers who also rotate between Edgescan support and professional services.

Staffing Up Penetration Testing as a Service (PTaaS)

A full-blown testing engagement can be carried out via the platform itself whenever the client requires it. The PTaaS offering allows for unlimited retests to assist with remediation and to verify that the vulnerability is actually closed. The staff must be large enough to be available on demand, continuously.

HR and the War Room Staff

Some relevant features of the staff makeup include:

  • World-Class Security Quality Skills
  • Continuous training
  • Churn rate is less than 3%
  • Morale is high – the environment is a rewarding workplace, working with the best of the best
  • Robust onboarding process to familiarize new members of the war room with the platform

“A world-class war room attracts world-class talent.”


The Future War Room

Edgescan has an equally aggressive and innovative product road map that will seek to harness further security improvements by leveraging new technologies and approaches, including Artificial Intelligence and crowd-sourced intelligence, to name a few. Our vision is developed in concert with new requirements from our current Global 3000 client base as well as from industry leaders through our Advisory Council Program.

If you would like to extend this virtual tour to a live demo, please reach out to our team.

“The future is the shape of things to come.” (H.G. Wells)