Maximizing Efficiency with Plex AI, Scheduler, and Real-Time Collaboration

Transcript

Hey everyone, Dan DeCloss here, founder and CTO of PlexTrac. I am super excited to talk through some of the new features and functionality that we are releasing here in May. It’s super exciting to share with you some of the cool things that are coming out, particularly around how we are helping your lives get better and being able to spend more time on the most important issues and automating as much as we can behind the scenes and keeping you focused on finding critical security issues, fixing critical security issues, and collaborating on all the elements around an engagement for proactive security.

So without further ado, I’m really excited to announce that PlexTrac is the first pentesting, reporting and management solution to offer an AI assistant. We are calling it Plex AI. This helps teams write reports faster, helps automate the report writing as much as possible, because we get that question a lot. “Hey, can you just write the report for me?” in somewhat of a joke. But seriously, we are actually now able to help you automatically write the report based on the findings that exist and the data that exists in the engagement. So that’s what I’m excited to show you a little bit about.

There is a previous video, but this is just to kind of highlight how convenient this can be. As you can see, we’ve got a report here filled with findings already, a variety of criticals, highs, mediums and informationals. And so one of the nice things about Plex AI is that we can help automate the write-up of a finding. So if we come into a finding and we have given it a title, this can be any title. I’ve selected a CVE just for demo purposes, but it can be any title. And what the AI assistant will do is it will actually generate a description based on the finding title and any other metadata that exists within the finding. As you can see here, this CVE is related to a Jetbrains TeamCity issue.So we can fill that in and now we can come back into the finding and help polish it up, you know, make it, make it fit with the screenshots and everything that we want to do. So that’s really exciting. And it helps. It helps just automate as much of the reporting process as possible.

The other really cool thing about the Plex AI solution is that it also helps summarize the findings from the reports, and you can actually have different sections in the narrative be generated through the AI assistant. So for example, we have a variety of findings in the report. We can use the AI engine to provide an executive summary and if we don’t like this, we can actually regenerate it to provide additional details and information that we might want to use as a starting point for, for the executive summary, additional information around the recommendations, the top five issues, which I’ll be able to demo here as this generates a narrative section here.

Give it a second and see. Now we can insert and replace this and it has a nice detailed executive summary. If we don’t like this, we can always edit it, but it gives us a starting ground, a starting place to work from, which is really nice from a collaborative feature. It can also provide recommendations based on the report. And this is taking the summary data from the report itself and using it in our private model. It’s a secure by design model for AI. And so as you can see here, here’s some generated recommendations that we can use to help automate the reporting as well.

And then also, if we wanted to say, hey, what are the top five issues out of this report? It takes that information and provides a recommendation of the top five issues, and then you as testers and security teams can come in and edit this to your desire. But it’s a really exciting feature around AI and the springboard and foundation for everything else that we want to do regarding AI and the platform. So there’s a lot more exciting stuff that we now have paved the way for. So stay tuned to see what we’re going to be doing from an AI perspective.

So you’ve now seen that we’ve used our AI engine to automatically write some of the content for the report, which gives a great starting ground for finalizing the report. The next feature and functionality that we’re excited about to help stay collaborative within the report writing experience is our real-time collaboration module that we have just now released. Really excited about this. This gives you that true Google Docs-like experience.

As you can see, I now have the notion that I have two people logged in here into the report, and so I can be editing, I can be editing this section of the report, and if I come over here and I’m logged in as that other user, you can actually see my edits in real time and be able to collaborate effectively so that now you can have multiple people in the same sections of the same report editing all around. And so we really enhanced this capability to make it real time and collaborative, which just keeps everybody focused on getting the report written as quickly as possible, collaborating as quickly as possible, and being able to stay more focused on the actual testing and security remediation, which only leads to quicker and faster security posture improvement.

And finally, now that we’ve been able to save everybody time with writing the report, collaborating deeper on the report, getting that report delivered, you now have more time to do more testing. One of the biggest features that we’re also excited to announce today is our engagement management capability.

So this is the notion of being able to schedule engagements and see a list of availability which tying this all together allows you to schedule more engagements, get more work done, find more issues across your customer base or within your organization. So I’m really excited to show this off to you for now today.

So I’m going to show you a couple of different experiences that we have within the scheduler. So I am currently logged in as an analyst. And so this would be the notion of somebody that comes in and wants to request an engagement. And as you can see here, I can request an engagement for release. I’m just going to just say this and I’m going to say, hey, we’re part of a different business line you can have. This would be similar for the clients. I can select a desired date for the testing so that we want to let everyone know here’s when we’d like to test. We don’t have any issues in terms of when the testing window needs to take place, but you can see we have some options there. We can say, hey, this is going to be a web application. I can fill out additional information. I can give it a scope. I can say PlexTrac.com. I can provide any other information that I want to regarding the scoping. I can also attach artifacts or files related to this engagement. So something like a network diagram or additional questionnaire, questionnaire that might have filled out or encrypted file for credentials, anything like that.

So when I submit this, I now see that I get some information around, hey, this is when it’s pending. This test has been pending, meaning I’ve requested it to be. I’ve requested for the test to occur and now someone on the management side of the testing team can come in and review that engagement and actually get it scheduled. So I’m going to pop back over to this scheduler with the management view now and you can see that we have been, we now see that this is a pending engagement on our view.

So what we can now come in is actually begin to schedule the engagement and include it as part of our testing windows. So here was the requested information. As the manager I can edit this and add our augment to it as I see fit. I can add additional files or see the files that would have been uploaded previously. I can also now create the report because, obviously, we love being able to report as we go as testers. I can select the report template, the findings layout. If we’re using classification tiers, I can use that.

I can also set reviewers to whomever I would like to do it, and I can tag. So this is all information related to a standard report in PlexTrac. And this is what it’s doing is it’s tying the engagement to the report. And then I can also finalize the dates in which we actually want to be testing. So you can see here that they’ve requested these engagement dates, but I’m going to actually change it to the following week because that’s who’s available for a web app pentest. And we’re going to go ahead and put myself there. But you can also note that we can see different people’s availability.

Go ahead and save this. And so now you can see that it’s actually scheduled for that following week. And if I come in, I see the details and then I also see the report. Now, if I had changed the title of that, I could have done that in that scheduling phase. But you can see that this is a really nice experience for, for being able to not only visualize the schedule, but also see the different statuses that they’re in. So if we have any in progress or in review or even reports that have been completed, we can see that in a calendar view as well as a list view. So if I wanted to see all of the listing of engagements that are in various phases, I can see that in a list view.

And then the nice thing that the manager has view into is the availability of testers. So this is really exciting from the notion of being able to do more engagement management capabilities, scheduling testers when they’re available. And as we kind of tied all these features in this release together, it really allows us to stay focused on getting more work done and cutting out as much of the menial manual tasks as possible. So we’re really excited about this release. Check us out at PlexTrac.com. If you want a demo, submit a request and we’ll be excited to show it off for you. Thank you very much.