Skip to content
NOW AVAILABLE Feature Release! Learn About Our Enhanced Capabilities for Prioritizing Remediation Learn more >>

VIDEO

PlexTrac for Continuous Threat Exposure Management (CTEM)

We’re excited to introduce PlexTrac for Continuous Threat Exposure Management (CTEM). PlexTrac already enables you to consolidate security data from both automated tools and manual testing for full visibility of your attack surface and it helps you prioritize findings, but now our platform goes even further. Watch this demo video to see how our new capabilities (like procedures, asset management, workflow automation, and more) enable you to manage your risk by evolving into a continuous approach to security that aligns with the CTEM framework. 

Series: PlexTrac Demos

Category: Asset Management, Pentesting, Product Features

   BACK TO VIDEOS

Transcript

We’re excited to introduce PlexTrac for Continuous Threat Exposure Management also referred to as CTEM. Our new capabilities enable you to manage your exposure your risk by evolving into a continuous approach to security that aligns with the CTEM framework. We do this by consolidating security data from both automated tools and manual testing. This gives you full visibility into all of your exposures across your attack surface. Then from there we automatically prioritize remediation by business risk. This automation will allow you to mature your remediation workflow and speed time to fix, right, that ultimate remediation that you want to get to.

So let’s take a look at how this is done. Let’s talk about procedures. Procedures can now be added into your report and this means that you can leverage pre-built test plans again and again to ensure that your test coverage is optimized. So what you can see here is that each procedure can be oriented or even your full test plan can be oriented around methodology such as MITRE or a custom-built framework that you’re looking to follow. So from here you can also find easy tools for promoting a procedure to a finding and once that happens you can communicate directly to your customer or your organization. our tactics coverage will allow you to assess the effectiveness of your procedures and then compare and contrast that to again those finding. So how many things do we have to communicate versus how many things we did to get to those findings. And this tactics coverage can be customized to the framework that you’re using leveraging our runbooks repository.

Next let’s talk about assets. What you’re seeing here is our new assets management module and this feature alongside our findings will enable Exposure Management in PlexTrac. What you see here is an improved experience for managing your entire attack surface, whether that be bulk actions and sorting to help you make the right edits to maintain the accuracy of your attack surface or finding the total number of findings on your most critical asset in your organization. The next area of enablement for CTEM is findings. Our all findings module will allow you to aggregate your findings view across all of your tools that are ingested into the platform as well as those that come from manual pentesting so this this feature here as you can see is allowing me to assess the total unique issues either my client or my organization might be facing as well as the ability to assess the reoccurrence of those issues overtime. Alongside monitoring that gives you that visibility again in that continuous fashion of understanding the severity of those issues over time that you’re facing.

The next area of CTEM enablement is around prioritization and what you’re seeing here is our custom contextual scoring this feature allows you to create a custom score that will help you elevate the priority of issues found in your organization or those issues you need to elevate in priority when communicating to your client. As you can see you can also leverage our out of the box equation to get started. Whether you want to use our equation or customize over time multiple equations can be built and leveraged depending on your workflow and then once they’re set they’ll be automated through all of those findings. Again, just getting into that bubbling up of the most important issues.

Once you’ve configured your contextual scoring the next area of CTEM enablement is workflow automation. Our workflow automation will allow you to define rule sets to build automated workflows such as automating your retest. your validation workflow or just helping you to speed up your Remediation Orchestration. In this example you can see here our trigger is a report finding being created we can add additional details like when a report finding is created and the likelihood an impact is X or the asset count is another variable. We want to make sure we are elevating things that have a high number of assets impacted.

Then from there we move on to the action and this this example we want to assign the report finding to a defined user or we may also want to send an email and we can provide some email content here. Now as I mentioned this would also include the ability to set up a trigger to send to Jira to help with that remediation orchestration.

To close PlexTrac for CTEM will transform your security operations by centralizing your data so that you can continually assess your attack surface auto prioritize your remediation efforts in a way that aligns with your business priorities and all of this is really just to get you to that state of speed to remediation by streamlining and automating your workflows.