If you’ve been following along, you’re aware of our recent Ethiack 2.14 launch where we've unveiled major upgrades to our product.
One of those upgrades is the Beacon, which allows you to connect our AI Automated Pentesting to your internal assets. This helps you improve your security posture by making use of our powerful technology without additional agents or physical hardware.
Today we’re going over why the Beacon matters, the problems that it solves in your security posture, and how you can implement it.
The Problem with Testing Internal Assets
Testing external assets can be quite easy when you compare it to internal assets. After all, they’re accessible from the internet and scanners can easily find them. However, internal assets usually require special networks (VPNs) to be accessed – or by exploiting and escalating vulnerabilities in your external assets.
At the same time, internal assets often hold the most critical business information: intellectual property, code repositories, and other key business data. Having them compromised is an enormous threat to your organization.
So this turns into a dilemma: these assets are extremely critical for the organization, while at the same time being hard to test on a regular basis. And that leads us to The Beacon.
Using the Beacon in Practice
Unlike external assets, where you select the assets you want to test from a list, the Beacon requires a different setup.
After successful configuration, you’ll be able to add private IP addresses or subdomains to be tested with a beacon. Multiple beacons can also be configured, for different network segments.
Once selected, the Artificial Hackers will start testing them for vulnerabilities and any new alerts will be added to your Dashboard.
Having coverage of internal assets greatly increases your security posture. The reason is that, in the event of a compromised external asset that allows the attacker to access your internal network, it’ll greatly reduce the chances of them being able to find additional vulnerabilities in your infrastructure.
It can even prevent internal risks: Hardened defenses reduce the potential damage if a rogue employee attempts to exploit vulnerabilities.
Overall, it’s essential to reduce the potential of ransomware, data losses, and service hijacking.
Get started with Internal Asset Testing
By now, I’m sure you’re more than convinced about the importance of implementing internal asset testing. So I’d like to lay out what you can do next:
- If you’re not already registered in the Portal, click here to create your account and start your 30-day trial.
- If you’re interested in testing the Beacon and activating it in your account, schedule a call with our sales team. They’ll guide you through the steps.
- Once activated, follow the steps in our Knowledge Base or reach out to support in case you have further questions.
- You can also check the tutorial below and follow the steps on how to start testing with the Beacon.
And that’s it! Time to test every corner of your attack surface.
Stay secure!