ProServ

Overview

Pentesting has evolved from manual, to crowdsourced, to automated, and now autonomous.

Are you secure? How do you know? Don’t wait for a breach to find out. Continuously test your security posture to ensure that no exploitable vulnerability, misconfiguration, or harvested credential could leave you exposed. External pentests evaluate your external-facing assets to identify how an adversary could find and exploit weaknesses to enter your network. External penetration tests identify attack vectors that include:

• Open ports and misconfigurations that allow an attacker to enter the network.
• Unpatched vulnerabilities that can be exploited to grant access to unauthenticated users.
• Shadow IT projects that expand the attack surface.

Manual pentesting requires a trained security resource using commercial and specialized tools to explore an application or system and identify weaknesses. The effectiveness (and cost) of a manual pentest depends on the time allotted to the test and the skill of the pentester, leading many organizations to save costs by providing credentials to pentesters. While the results are much cleaner than those of an automated pentest, remediation advice is often limited. Further, the high cost of manual pentests prevents organizations from using them frequently, for example after a system is patched, to confirm that the update was applied correctly.

Automated pentesting is a simple “point and click” approach using commercial dynamic analysis tools. The tool is given a URL or IP address and spiders the application to identify fields where a malicious user could input data. The tool then “fuzzes” those fields with data to attempt to prove the presence of input validation weaknesses that a skilled attacker could exploit or use to overwhelm the application in a denial-of-service attack. These tests normally run in a day or two and generate a lot of “noise”: unproven results that defenders must research to determine whether they require remediation.

Crowdsourced pentesting includes manual pentests, but relies on a network of independent security researchers who are paid “per vulnerability identified” (plus a platform fee to the vendor). Crowdsourced pentests have the advantage of being open-ended, meaning that, in theory, you can have people searching for issues every day for months. They can be quite expensive if there are large numbers of vulnerabilities, and findings often lack proof of exploitability (e.g., unpatched systems, open ports, etc.), leading development teams to spend time on non-critical issues.

Autonomous pentesting combines the benefits of automated pentesting (more frequent testing, lower costs, and no requirement for internal security expertise) with those of manual pentests (more complete coverage of the application and proven exploitability). Autonomous pentesting does not require credentials to start. It can chain together weaknesses like a skilled adversary and automatically generate attack trees to isolate the root cause of an exploit. This allows defenders to understand precisely what changes are needed to protect an application.

How NodeZero works

Reconnaissance. Any successful attack requires intelligence on the target. NodeZero starts with unauthenticated access to the system, then builds a Knowledge Graph that identifies all hosts, misconfigurations, and open ports, and searches for credentials.

Impact. NodeZero identifies and reports on data at risk across physical and virtual environments it was able to access with read/write privileges, including SMB shares, NFS shares, FTP shares, cloud storage, vCenter servers, and databases.

Maneuver Loop. NodeZero orchestrates over 100 offensive tools to harvest credentials, exploit vulnerabilities, and exploit default settings and misconfigurations to execute attacks.

Verified Attack Plans. To simplify prioritization and remediation, results are provided as “Proofs” with graphical and textual representations of each step in a successful attack. This includes which tactics were used, which weaknesses were identified and exploited, how credentials were obtained, and the paths taken to gain privileges and access to systems.

Contextual Scoring. NodeZero evaluates and prioritizes each weakness by its role in the successful attack – not by base CVSS score. Organizations can quickly identify those weaknesses that present the greatest threat and must be addressed immediately, and which can be safely deferred.

Actionable Remediation. NodeZero provides precise and actionable remediation guidance, allowing security and operations to resolve issues at the root cause quickly.

Sold by IOvations, Inc.
Fulfillment method: Professional Services

Pricing Information

This service is priced based on the scope of your request. Please contact seller for pricing details.

Support

Jeff Hood, General Manager
jhood@IOvations.com
(781) 856 1846
www.IOvations.com