PentestHero delivers a platform, complete with findings as tickets, vulnerability management, and long-term pentest planning. As part of that service, you get “heat maps” or an automated summary of your cybersecurity risk, to track how pentest vulnerability findings impact your organization and in what ways.
This is a free service, delivered as part of our pentest-as-a-service platform. You get it automatically when you onboard with us, and we’ll push data to the platform as we find it. That also means you don’t have to wait for the report to see findings. Developers and compliance officers can immediately start working on fixes, and you’ll be able to quickly delegate work by pushing findings tickets to your own platforms like Jira.
The “heat map” feature is ideal for work prioritization, assessing scope of vulnerabilities, and otherwise seeing a top-level view of the pentest report.
Using the Risk Analysis Summary Heatmap
Our pentest heat maps track findings by the criticality (severity) of the finding and by its estimated business impact.
Criticality – We use CVSS scores to map criticality to “Informational” (we’re just letting you know), low, medium, high, and critical. These scores are designed to rate the potential risk inherent in a vulnerability finding based on factors like likelihood of occurrence, ease of occurrence, skill needed to exploit, etc.
Business Impact – Business impact attempts to highlight potential business risks if the vulnerability is exploited. This changes depending on your industry and on any mitigating measures you might have in place. For example, a critical business impact might involve an exploit that allows a hacker to take your application offline.
A critical finding is one that is both highly likely to occur and that has a high business impact.
How to Use the Risk Analysis Heatmap
Our risk analysis summary or heatmap uses data our pentesters upload with the findings to automatically map out findings. This allows you to:
- Prioritize remediation. Critical vulnerabilities should always take precedence.
- Delegate work
- See an overview of organizational vulnerabilities to get a better idea of where/how they occur
- Quickly see finding status by criticality for easier work management and delegation
- Use data to show non-technical stakeholders how findings potentially impact business
If you want to know more, or you’d like to see it in action and don’t yet have an account, feel free to request a demo. We’ll walk you through how PentestHero’s pentest-as-a-service platform fits into your business cybersecurity.