Transcript

The PlexTrac Platform is a system wherein organizations can report on, manage and collaborate with the data and artifacts from security, assessment and testing. Further, the platform affords insight and oversight and the ability to associate findings and assets with users, which affords accountability. The analytics module allows you to query and set up reports based on fields for assets and findings. This is a demonstration query I built that demonstrates the difference between quarter one and quarter two pen test for Megacorp. We see a quick snapshot of the difference in findings based on a date range. On the right-hand side, we can see multiple fields that can be used to query data. We’ve got Finding and Asset Criticality as well as different tags.

At the bottom, we see a snapshot of the findings per engagement.

We also notice that the most critical findings are bubbled up here and can be actioned on. We’ll look at those shortly. The Trends and SLAs module allows us to associate a time frame or threshold wherein findings and assets can be reported on. Here’s an example of a date range and the number of closed versus open findings. These also allow you to utilize tags as well as client and other ways to filter the data. In this, we have an SLA that demonstrates showing findings based on their approaching the threshold. And we see that we have four findings that have exceeded the critical SLA.

These SLAs are all configurable. Here’s an example. You can create your own and decide, after you name it, the number of days, the finding tag and criticality or asset criticality or tag you wish to alert on, as well as the outcome of the alert. Do you want to notify, how many, the reminder threshold and recipients, et cetera.

Looking into the guts of an actual penetration testing report, we can see that we have an opportunity to recognize findings associated to assets and a narrative. This data can all be exported into a format customized for the organization. When we look into a finding, we notice we see the expected data, evidence that’s been pasted in a description. I’ve even attached a video. Here we have affected assets and recommendations, et cetera.

We have the opportunity to work within Findings and have a status tracking capability. Here we can create a link with Jira or ServiceNow and initiate a bidirectional push and pull wherein the status of Findings can create Jira issues and Jira issues can then update the status within PlexTrac. Further, within the platform, without any integration, we have the ability to add statuses.

I’ve also created some statuses in the event that close could be a false positive or risk accepted. The substatuses are all configurable and we now have a timeline of historical data related to the status of these Findings. I’m going to open this back up, select the user and say it’s new. Again, we also see the capability to collaborate on Findings. Editing this finding we notice that we have the data you would expect all editable and configurable. We also noticed there’s comments and changes. If we’re so inclined, we can create a comment and associate it to the finding.

Further, if we want to track changes, we can do that. This is all controlled by role-based access control wherein if we want to limit the ability to accept delete, changes or comments, we can’t. The entire PlexTrac system is wrapped with very granular role-based access controls. The role-based access controls can be controlled down to the client level or at the tenant level.

If you notice assets, you can see expected data, in this case the assets and IP address. It could be an application name, it could be a building, really whatever you want to put here.

Looking into the asset, we can observe expected information and metadata, data owner and system owner, all of these are configurable. Here we see the related findings, ports, protocols and services, and the abilities to add notes.

We can tag assets and edit assets, assign criticality and put in data and system owners, all valuable fields that could be used for querying.

Looking at the report, we notice our narrative section. This section contains the data that you want your report to contain as far as sections and titles. It’s all templated to be reused later and within this view is also moveable.

We can see that we have our sections laid out as we see fit. We can add comments or add sections as well. The readout view allows us to come in and see the sections of our report and also read through and interact with the findings.

The PlexTrac platform provides a single pane of glass for organizations to be able to review the security posture of assets and findings under their purview.