Vulnerability management is a crucial cybersecurity practice that helps organizations proactively identify, assess, prioritize, and remediate security weaknesses in their IT infrastructure.
Topic List
General
Autobahn Fit helps you save time and focus on truly exploitable issues by clustering countless vulnerabilities into prioritized, actionable remediation instructions.
The data is stored on servers hosted in Frankfurt, Germany (EU). We follow the highest standards in line with the European Data Protection Regulation (GDPR) requirements. We have implemented strict access controls, encryption, and other security measures to ensure your data’s confidentiality, integrity, and availability. Our policies and procedures are regularly audited.
Autobahn Security is the name of our company, and Autobahn Fit is our vulnerability management platform.
Integration
We’re offering a wide variety of inbound and outbound integrations, e.g. AWS, Cisco, CyCognito, Google Cloud Platform, Invicti, Jira, Microsoft Defender (Cloud/Endpoint), Microsoft Azure, Nessus, Qualys, Serviceware Processes, ServiceNow, Splunk, http://Tenable.io .
We’re constantly expanding our integration capabilities. Also, our tool offers a generic file upload for even more flexibility.
Autobahn Fit aggregates all findings in one platform, offering a single pane of glass for you to review your vulnerabilities. If the same issue comes from different sources, it will be automatically de-duplicated. Then, after reassessment of the real issue exploitability, it will be clustered with issues with the same root cause and addressed in a remediation guide (Cyber Fitness Workout). The Workouts are prioritized based on the real hacker perspective. This helps your team focus on what really matters making your vulnerability management process more efficient.
Yes, Autobahn Fit offers integration with the leading vulnerability scanners on the market: Qualys and Nessus (Rapid7 coming soon).
Asset
Autobahn uses a variety of data sources to effectively map your company’s internet footprint. We use DNS scanning, internet scanning, subdomain generation through brute forcing subdomains, WHOIS, and SSL certificates, TLS/SSL scanning, as well as cloud scanning. We currently also have an integration with AWS and will soon integrate with other cloud services.
Scanning
Yes, Autobahn Fit offers scanning with the use of its own engine as well as Qualys – one of the leading tools for vulnerability identification.
Autobahn Security includes a scanner, so you do not need to have your own.
However, if you prefer to use your own scanner, you are welcome to — Autobahn Security can seamlessly integrate with your existing scanner.
Autobahn Security identifies vulnerabilities in network devices, IoT, ICS, custom web apps, cloud/third party services, off-the-shelf software, hardware, and telco components. This allows us to find gaps in network segregation, system architecture, implementation security, credential management, patch management, and secure application development.
Autobahn Fit can identify vulnerabilities on all kinds of assets: network devices, IoT, ICS, custom web apps, cloud/third party services, off-the-shelf software, hardware, and telco components. This allows to find gaps in the network segregation, system architecture, implementation security, credential management, patch management, and secure application development.
Yes, we offer agentless scanning. We eliminate the need for agents, providing a more streamlined and efficient scanning process.
Issue and Prioritization
Vulnerability prioritization helps security teams increase their cyber resilience by focusing on the right tasks. With Autobahn Fit the prioritization is based on the real exploitability and hacker perspective.
We tap into both the power of AI and the expertise of security engineers who utilize decades of experience in cybersecurity consultancy to reassess the exploitability of issues from the real hacker perspective.
And yes, the prioritization is automated.
You can simply mark a selected vulnerability or a group of vulnerabilities as “Risk accepted” and they will no longer affect your organization’s Hackability Score.
Autobahn Fit addresses your business needs by offering various integrations (including the outbound ticketing systems like Jira, Serviceware Processes, ServiceNow), various types of permissions (user roles) as well as customizations based on scans, assets and tags (exportable custom dashboards).
Most vulnerability scanners assess issue severity based on CVSS scores. Autobahn Fit’s ethical hackers review and update the severity of the identified issues based on common hacking practices.
Aside from that, most scanners label their issues based on their CVE, which can mean nothing to someone without security expertise. We turn issues into something human-readable.
Our team of security engineers provides daily updates of the vulnerability databases.
Remediation
Autobahn Fit provides you with both an overview of the most important vulnerabilities your company faces as well as detailed, prioritized and actionable remediation guides which are easy to implement by non-cyber security experts. We help you focus on the right problem and provide instructions on how to fix it.
Autobahn Fit’s Cyber Fitness Workouts provide easy-to-implement remediation guides that don’t require cyber security expertise. Thanks to our unique prioritization methods, your team will always be working on reducing the real threats.
Autobahn Fit uses one KPI: Hackability Score, a reliable measure of your organization’s cybersecurity posture. It takes into account all of your assets and issues grouped by the same root cause allowing you to easily track improvement, benchmark, and report to stakeholders. Watch this video for more info about the Hackability Score.
Your remediation team can work directly in Autobahn Security as well as outside of the platform. We’re offering various outbound integrations (ticketing systems) that allow exporting Cyber Fitness Workouts along with asset and issue data.
You do not need to start researching a vulnerability from scratch because we’ve already done it for you. We look at multiple sources and create easy to follow step-by-step guides – saving you lots of time.
Reporting
Autobahn Fit offers a wide range of reporting capabilities from bird’s-eye-view to detailed data sets, including management summaries (dashboard exports), Excel exports of scan reports and affected assets with issue details as well as cyber risk reports (including industry benchmarks).
Autobahn Security provides a single KPI: Hackability Score. It is a reliable measure of your organization’s cybersecurity posture which helps simplifying the reporting process. The Hackability Score summarizes the security posture of all your assets into one single number, allowing you to easily track improvement, benchmark, and report to stakeholders. You can also create custom dashboard by assets, scans or tags to generate more granular insights and compare the Scores. Watch this video for more info about the Hackability Score.
Autobahn Security helps you and your company improve, or create if you have not yet, an overview of the most important vulnerabilities your company faces. In our actionable and to-the-point dashboard and reports, we guide you through what needs to be done both in the short and long term. Autobahn Fit also allows you to benchmark your results against your previous reports to show the remediation progress. This helps your team set KPIs and decide whether external help is necessary.
Our primary metric is the Hackability Score, a single KPI that summarizes the security posture of all assets into one single figure, providing a clear picture of the overall security posture of your company.
Firstly, we categorize our findings into three security best practice areas: insufficient hardening, missing patching and unnecessary exposure.
Then, we classify the vulnerabilities based on severity and business impact:
+ Severity 4: Instantly exploitable vulnerabilities
+ Severity 3: Exploitable fragment that can be used to craft a successful attack
+ Severity 2: Vulnerability that may reveal sensitive information to enable further attackers
+ Severity 1: Best practice deviation
Afterward, we use a proprietary formula to calculate the Hackability Score per finding type.
Finally, we calculate the absolute Hackability Score which is the sum of the individual Hackability across all assets. Then, we normalize this Hackability Score based on the number of exposed services to compare organizations within industries.
The Hackability Score stands out from similar metrics offered by other vendors because it does not rely solely on CVSS scores. Our approach involves a human touch, with our team of white-hat hackers evaluating the actual Hackability of identified vulnerabilities. This approach provides a more realistic assessment of the real-world risks posed by identified vulnerabilities.
This could happen if your asset’s reachability decreased in the latest scan, due to a network issue or because the services were intentionally shut down for remediation. This prevented our platform from checking the issues within the asset(s).
If you think this is not the case, we suggest you to:
-
Mark the issues on the asset as “Remediated”
-
Contact our Customer Success for more information
Autobahn Security can help you understand your company’s security posture. Comparing you to similar-sized industry peers allows you to understand if you are more vulnerable and thus need to step up your remediation efforts or helps you focus on security best practice areas where you underperform.