WHAT IS AUTOMATED RECONNAISSANCE PENETRATION TESTING?
Evolve orchestrates scalable penetration testing environments specifically for the type of penetration test you want to perform. You choose the level of protection and intensity that is right for your business needs with event-driven or daily, weekly or even monthly periodic penetration testing.
The Evolve “Automated Reconnaissance Penetration Testing” solution lets organizations minimize the time it takes to detect critical risks and security weaknesses. Since this solution is completely passive, security teams can gain regular insights into internet-based risks without the overheads of organizing change control windows and approvals.
Automatically collect and generate intelligence about your organization, employees and systems that are being used by attackers to compromise your organization. This includes identifying the employees most susceptible to threats, leaked usernames and passwords, compromised systems, suspicious dark web communications, unknown domains and systems, system geographic locations, as well as exposed vulnerable services and corresponding exploits.
Frequent automated reconnaissance activities help you stay on top of the exposures that increase the risk of your organization suffering a security breach throughout the year.
Automated Reconnaissance Penetration Testing is available in the Evolve Marketplace. Simply import this automation workflow into your Evolve Account with flexible monthly subscriptions to maximize your security budgets MORE
Employee Social Media Reconnaissance
Email Reconnaissance and Verification
Online Compromised Account Reconnaissance
Offline Compromised Account Reconnaissance
Darknet and Reputation Reconnaissance
IP and DNS Reconnaissance
Cyber Threat Intelligence Reconnaissance
Exposed Port and Service Identification
Software Version Identification
Software Vulnerability Identification
Public and Commercial Exploit Identification
Active Malware Exploitation Identification
Evolve Automated Exploit Configuration
Automated Vulnerability Risk Prioritization
Automated Administrative Services Identification
FLEXIBLE SUBSCRIPTION PRICING
Evolve enables you to maximize your security budget by providing flexible monthly subscriptions with no lock in contracts. Simply import the Automated Reconnaissance Penetration Testing capability from the Evolve Marketplace to begin your subscription.
Monthly Subscriptions. No lock in contracts.
OPTIMISE YOUR COSTS WITH USAGE-BASED BILLING
Importing workflows and modules from the Evolve Marketplace has once-off usage charges per import to orchestrate your new capabilities
SECURITY ZONE USAGE
Evolve transparently optimizes usage charges related to the scaling of Security Zone infrastructure and storage in real-time
Evolve Workflow usage occurs when launching new workflows to orchestrate and chain your security automation modules and data
Evolve Modules are stored and executed on-demand and in real-time that incur usage. Optimize usage by reduced module executions
Evolve Service usage occurs upon scheduled or on-demand service execution. Minimize usage by reducing service calls
When storing and transferring data within Evolve Containers, usage charges can be optimized by compressing or expiring data
Generating and storing Evolve Dashboards incur usage to enable populating chart data from within Evolve Containers
Evolve Event usage enables you to keep track of all of the security automation actions and events within your accounts
FREQUENTLY ASKED QUESTIONS
WHAT IS AUTOMATED RECONNAISSANCE PENETRATION TESTING?
Evolve Automated Reconnaissance Penetration Testing will automatically collect and generate intelligence about your organisation, employees and systems that can be used by attackers to compromise your organisation. This includes identifying your most exposed employees, leaked usernames and passwords, compromised systems, suspicious dark web communications, unknown domains and systems, system geographic locations, as well as exposed vulnerable services and corresponding exploits.
HOW DO I GET STARTED?
The first step is to register for an Evolve Account. You will then have access to the Evolve Marketplace where you can subscribe to the Automated Reconnaissance Penetration Testing solution. Simply import this automation workflow into your Evolve Account. You can follow the Getting Started Guide to then schedule your first Automated Reconnaissance Penetration Test workflow instance. The results will automatically be displayed in the corresponding Evolve Dashboard.
DOES AUTOMATED RECONNAISSANCE PERFORM ATTACKS?
Evolve Automated Reconnaissance Penetration Testing is designed to execute passive searches for information that is accessible on the internet. This workflow does not perform active attacks and is able to passively identify hosts, services, vulnerabilities and event exploits without attacking your systems. Evolve will recommend automatic configuration of exploits so that you can test them manually, but will not launch them during automated reconnaissance.
GETTING STARTED WITH
AUTOMATED RECONNAISSANCE PENETRATION TESTING
STEP 1: REGISTER AN EVOLVE ACCOUNT
Congratulations for deciding to mature and streamline your security capabilities and maximize your security budgets. Your first step is to simply Register an Evolve Account using the Register button on the Evolve website.
STEP 2: LOGIN TO YOUR EVOLVE ACCOUNT
Now that you have an Evolve Account, login using the Sign-In button on the Evolve website. This will take you to the Evolve welcome screen.
STEP 3: SETUP YOUR EVOLVE BILLING
Evolve subscriptions and usage-based bills are charged via credit card. You can setup your payment method via the Billing feature located under your Profile Menu towards the top right-hand corner of your Evolve Account. Select the “Add Payment Method” button that will load the Evolve Secure Payment Gateway page where you can add your credit card details.
As part of our fraud-prevention controls, your credit card will be charged a nominal amount that you need to enter to verify your credit card before it can be used for payments. Your Evolve Account is now setup and you are ready to mature your security.
STEP 4: SELECT YOUR EVOLVE REGION
Evolve is a specialist security automation cloud, which means that it has globally distributed infrastructure enabling geographic security controls allowing you to keep your data and processing within the geographical regions aligned to your business needs. You can select your Evolve Region in the top right-hand corner of your Evolve Account. Any actions you take will occur within your selected Evolve Region.
STEP 5: IMPORT FROM THE EVOLVE MARKETPLACE
The Automated Reconnaissance Penetration Testing workflow is available in the Evolve Marketplace, which you can navigate to under the Marketplace side-menu. Whilst in the Evolve Marketplace, you can locate this workflow by either selecting the “Penetration Testing” category and browsing through the available workflows, or by searching for the keyword “reconnaissance”.
By clicking on the Automated Reconnaissance Penetration Testing workflow marketplace item, you can review the overview of the workflow, as well as usage and subscription pricing information. Click the Import button and simply step through the import steps, where you will then be redirected to the Imports page. You may need to use the Reload button to see your newly imported workflow.
Once the import status changes from “Pending” to “Available”, you have successfully subscribed to this security automation workflow and added this specialist security capability to your business.
STEP 6: LAUNCH A SECURITY ZONE
Evolve Security Zones are isolated environments that provide scalable compute and storage to execute your Evolve Workflows.
Select the Security Zones side menu item and click the New Security Zone button. Set a useful name for your Security Zone and click the Next button, which will take you to the Security Zone Size page. For most use cases to execute Automated Reconnaissance Penetration Testing workflows, a Medium Security Zone should be sufficient. For larger organizations with more internet-accessible hosts, a Large Security Zone may want to be considered. Click the Next button once your Size has been selected.
The Configuration page allows you to specify the settings of your Security Zone:
- The Volume Size is the size of your Security Zone cluster nodes’ disks used to temporarily store your module data during processing. The default size should be sufficient for Automated Reconnaissance Penetration Testing.
- The Scalable setting configures the Security Zone to automatically scale up as the number of modules to be executed in parallel increases, whilst also automatically scaling down to nothing whilst the Security Zone is not being used in order to natively optimize usage charges. The Scalable setting should be selected for Automated Reconnaissance Penetration Testing.
- The NAT Gateway can be left as blank, which means that the Security Zone nodes will receive dynamic public IP addresses. Since this workflow is passive then we don’t need to have a static IP address for its activities.
- The VPN Gateway can be left as blank since this workflow does not need to access your organization’s internal systems.
Click the Next button, review your settings, and then click the Create button. This will automatically orchestrate your Security Zone with the configurations specified and will take around five minutes.
You should wait for the Security Zone state to change from “Pending” to “Available” before moving onto the next step.
STEP 7: LAUNCH A WORKFLOW INSTANCE
Evolve has the concept of “Workflows” and “Workflow Instances”. You have imported the Automated Reconnaissance Penetration Test Workflow, which can be thought of as your security capability. You now need to launch a Workflow Instance to be executed with details for your organization.
Select the Workflows side menu item to list your available workflows. You will find a series of buttons alongside your Automated Reconnaissance Penetration Test Workflow where you will need to click the button called “Create Instance”. Set a useful name for your workflow instance and click the Next button, which will take you to the Parameters page where you provide your organization’s details.
Enter the following information within the parameters to include within the scope of the Automated Reconnaissance Penetration Test:
- Hosts to include as a comma separated list of your IP addresses and CIDR ranges
- Domains to include as a comma separated list
- A single organization name to include
- A useful name for your Evolve Dashboard to display the results
- Select the date and time to schedule your first Automated Reconnaissance Penetration Test, which will automatically be repeated weekly.
Click the Next button to go to the Configuration page where you select the default location for modules will be executed. You should select the Security Zone that you created for this workflow. Leave the Agent and Agent Device not selected since we do not want this workflow to run via an Evolve Agent.
Click the Next button, review your settings, and then click the Create button. This will automatically orchestrate your Automated Reconnaissance Penetration Test workflow instance, including all Module Instances and Containers, using the configurations that you specified for your organization.
Your workflow will be automatically launched by Evolve on the specified date and time, and relaunched every week to ensure you stay up to date with the latest threats to your organization.
STEP 8: REVIEW YOUR EVOLVE DASHBOARD
A typical Automated Reconnaissance Penetration Test workflow can run from around one hour to eight hours depending upon the number of email addresses, systems and information gathered for the organization. Detailed automation activities can be viewed via the Events page that can be accessed via the Events side menu item.
A quick access menu for every Evolve Dashboard can be found under the Automation side menu. You may find that you need to refresh your web browser page for your new dashboards to appear in this list.
Select your Evolve Automated Reconnaissance Penetration Test Dashboard to view the results of your penetration test. Any spinning charts indicate that those components of the workflow are still running.
Review this dashboard on a weekly basis to gain insights into the latest threats and intelligence about your organization’s security posture.