Pentesting has historically only had one deliverable, a file containing a list of vulnerabilities and how you find them. Traditionally, clients requesting a pentest will take this file, break it down into tasks, and send those to relevant teams. That process, which relies on one or two people who understand which teams are responsible for which assets and where they can delegate work, takes some time. That leaves those organizations open to vulnerabilities, which take even more time to fix after being distributed.
Today’s digital work management platforms means we can do better. And, with Cyver’s client insight feature, it’s even easier. Not only can you push vulnerability findings directly to relevant teams, as tickets which can be exported to work management platforms like Jira, you can offer added value to clients with longer-term vulnerability insights and metrics.
These include:
Findings by Severity – Map findings by severity, including CVSS rating, time-to-fix, and time remaining open. Vulnerabilities automatically move into higher risk when they’re left open for too long – giving teams an easier way to see and prioritize open vulnerabilities.
Risk Summary – Teams can see all open vulnerabilities and can see, at-a-glance, if there’s anything open to be fixed and what priority it should be.
Asset Management – Organizations can see assets with upcoming pentests, based on the testing schedule they set for the asset. Then, when a pentest is due, they automatically get a reminder to request a new pentest, with any new parameters as needed. Asset management also includes open findings per asset, making it easier to see where vulnerabilities are and who’s responsible.
Time-to-Fix Chart – Clients see open findings per pentest and per asset, mapped to time-to-fix. This allows teams to easily track when vulnerabilities stay open for too long, enabling better prioritization and a better focus on finding fixes.
Our new pentest insights feature is intended to empower organizations with more tools to track and remediate vulnerability findings. And, they allow pentesters to deliver more value to the client, without investing more into what you’re offering.