Smarter Risk Metrics, Greater Transparency, and Streamlined Asset Management with the BreachLock Unified Platform’s Latest Update

BreachLock is constantly enhancing the proactive security capabilities of the BreachLock Unified Platform to keep customers ahead of the ever-increasing sophistication of threats in the evolving threat landscape. With the latest release of NGPTaaS version 3.0, we’ve introduced meaningful improvements in both Attack Surface Management (ASM) and Penetration Testing as a Service (PTaaS) that help customers measure their overall risk, enhance communication and transparency, and streamline customers’ ability to organize, find, and manage assets quickly, especially at scale.

The updates in NGPTaaS v3.0 are designed to empower security teams with enhanced visibility, transparency, and a more intuitive user experience, especially for users with large-scale, complex environments. In this blog, we’ll take a closer look at these improvements.

With the latest platform update, BreachLock users will get better visibility and understanding of their organizations’ risk with a handful of new fleet-wide and per-asset metrics. The following metrics offered in NGPTaaS v3.0 give executives and engineers a universal language for understanding and addressing risk more effectively.

Holistic ASM Risk Metrics

1. Overall Risk

To determine an organization’s overall risk, each asset’s risk is first calculated with the use of two key weighted metrics, ASM Score and CVSS Max-Scaled Score, which both take context beyond just the basic CVSS score into consideration for a more accurate, business-focused representation of risk.

ASM score, calculated first, considers five weighted factors: exposure, technical risk, misconfiguration, protection, and business context. The CVSS Max-Scaled score is then determined by adding asset-specific context to the base CVSS score of each vulnerability identified. This contextual adjustment considers factors like exposure, likelihood of exploitation, and business impact.

BreachLock finally takes the ASM Score and CVSS Max-Scaled Score, weighted at 60% and 40% respectively, to calculate overall risk.

This blended metric adds much-needed, business-specific contextualization of overall risk beyond what the standardized method of assessing risk with CVSS scores alone offers, capturing each asset’s exposure, exploitability, and potential business impact. While the overall risk metric tells a story at a glance, customers still maintain visibility of the risk of each active asset, making this a valuable new feature for enterprises that can scale to any inventory.

2. Asset Risk Trend

Another key metric now available in the BreachLock Unified Platform for ASM is Asset Risk Trend. Users can now track fluctuations in their overall risk over time, bridging the communication gap between technical and executive stakeholders in an organization with a universally understood visual representation. This chart displays an organization’s overall risk level from Informational to Critical on a monthly basis.

3. Top Vulnerable Assets

Not only can BreachLock users visualize their overall risk and how it fluctuates over time, but they now gain instant visibility of their top vulnerable assets directly within the ASM dashboard, making it crystal clear which vulnerable assets need to be addressed first.

4. Asset Risk Score Accessible from Asset Discovery Page

On the asset discovery page, BreachLock users can now hover over an asset name, whether it was discovered automatically or added manually, to see its associated risk score.

Project Manager Contact Details, Availability, and Response Time Visibility

To increase transparency, BreachLock has given clients direct visibility of their project manager’s contact details, shift schedule, time zone, status, and estimated response time within the Organization Details page.

With this new feature, Clients know exactly when their project manager is available and how soon they can expect a response to any inquiries raised, simplifying collaboration across global teams.

Smarter Asset Organization

I. Multi-Tag Support

BreachLock has replaced the Alias field platform-wide with a multi-tag structure, allowing users to create custom tags for assets, and enabling advanced categorization by business function, priority, team, etc. This multi-tag feature is supported during both manual and bulk asset creation and editing. Organizations can now search for and group assets based on their custom tags, streamlining large-scale asset ingestion for enterprises.

II. Advanced Filtering Capabilities

In NGPTaaS v3.0, BreachLock has added advanced filter capabilities on the asset inventory page, allowing for table-level filtering for more precise asset selection. Previously, users could only search and filter by asset name, but are now able to sort by asset name, tags, asset type, asset label, and status. This intuitive feature makes it simpler for users to select assets for pentesting based on their desired criteria.

CSV Report Export for Easy Ingestion by Third-Party Tools

BreachLock NGPTaaS v3.0 now enables clients to download a CSV report of all vulnerability data from a pentest, giving users who need a simple avenue for transferring their results to third-party tools (e.g., Excel and BI) in an easily ingestible format.

Conclusion

With NGPTaaS v3.0, BreachLock, again, has evolved the BreachLock Unified Platform’s ability to meet the needs of modern security teams. These enhancements give organizations a more holistic, contextualized understanding of their security posture while making everyday workflows more intuitive and scalable. From delivering a more holistic view of organizational risk to improved reporting options, every improvement in this release is designed to enable greater transparency, communication, and control. As the threat landscape evolves, BreachLock will continue to deliver proactive, enterprise-ready offensive security solutions that help customers stay ahead of the curve.

Author

BreachLock Labs