Professional Documents
Culture Documents
Autobahn-Fit-VisioNet-deck
Autobahn-Fit-VisioNet-deck
Vulnerability prioritization.
So you can focus on what matters.
Executive summary
Autobahn Fit can enable VisioNet to provide highly-efficient vulnerability management to its
clients
▪ VisioNet provides managed services for a wide variety of clients, focusing on SOC, EDR and VA services.
For Vulnerbility Detection, its tool stack encompasses Nessus Professional and Tenable.sc
▪ Autobahn Fit serves as a single pane of glass platform. We aggregate asset and vulnerability data,
automatically prioritize the data with Threat Intelligence, and provide step-by-step remediation
instructions to IT practitioners, making remediation up to 90% more efficiently
▪ VisioNet can perform vulnerability assessment and vulnerability management engagements more
efficiently by integrating its client’s vulnerability data in one place, thereby automating tedious
manual prioritization work normally done by (expensive) cybersecurity experts
▪ Autobahn Fit also uses Qualys’ scan engines – both internal and external – to discover vulnerabilities.
These services can be offered by VisioNet to their clients to serve as one suite
▪ We propose to run a Proof of Concept to showcase the impact and value to VisioNet by integrating and
prioritizing the vulnerability data of one of its clients into Autobahn Fit. This slide deck is created to
show Autobahn Fit’s capabilities and select a test subject for the proposed collaboration
2
The company
Autobahn Fit is a vulnerability prioritization leader based in Berlin and Jakarta that supports
customers across different industries and regions improve their security postures
“Companies gain little insights from their cyber data – until ▪ Initially developed by security think tank Security Research Labs
Autobahn Fit prioritizes and translates data into actions.” ▪ Supporting customers across 20+ countries and different industries
▪ Offices in Berlin, Jakarta, and Singapore
3
Our Impact - Enterprises
We have strong traction in Enterprise and SME segments in multiple industries and across
three continents
DAX-listed Using Autobahn Fit has maintained a Hackability Score nearing zero for over six months, and
software vendor remediated new vulnerabilities within two weeks on average using Cyber Fitness Workouts
Multinational Uses Autobahn Fit to merge data from multiple scanners and track Hackability Score across 64
insurance Operational Units
NASDAQ-listed Has been using Autobahn Fit since 2020 to run scans of over 80,000 assets, report Hackability Score to
company C-level, and scan potential acquisition companies
Telecom Uses Autobahn Fit to aggregate vulnerabilities from multiple scanners, across sixteen networks,
conglomerate streamlining remediation to reduce Hackability Score by 25% within two weeks if new issues are found
National postal Reports Hackability Score from Autobahn Fit to C-level of 30+ companies owned, and uses Cyber
service Fitness Workouts to drive security improvements across the entire group
4
Our approach
Autobahn automates tedious security analyst tasks so practitioners can focus on innovation
By automating
Vuln tools today Manual security analyst steps security analyst
workflows
vulnerabilities
can be reduced
Scan Aggregate Prioritize Remediate Report up to 90% faster!
5
Our approach
Autobahn Fit gathers issues from multiple platforms and uses automation to reassess their
severity, group them by root cause and recommend step-by-step remediation guides
Progress-tracking KPI
*Optional: powerful
vulnerability scanning Ticketing system
from Qualys if your client
does not have scanners
yet or wants to extend
their scope
6
Our approach – customer example
Our cyber fitness approach helped a DAX company focus on a handful of highly-effective Cyber
Fitness Workouts, instead of chasing thousands of vulnerabilities
Aggregate
964,000 79
Map to Map to
Issues Correlate Cyber Fitness
root cause Workout Workouts
discovered by
Re-assess
7
Our approach
From thousands of findings that need to be analyzed by experts, to a handful of actions to start
improving your security posture immediately – no expertise required
Focused efforts, i.e., 1-3 Cyber Fitness Workouts per team that
High workload coming from 1,000s and 1,000,000s of findings
address root causes rather than vulnerabilities (symptoms)
8
Autobahn Fit – Dashboard view
The dashboard provides an easy-to-understand assessment of your Cyber Fitness posture and
clearly tells clients what needs to be done next
9
Autobahn Fit – Workout details
Cyber Fitness Workouts are remediation guides written by security professionals in layman’s
terms that can be assigned to IT teams
10
Autobahn Fit - Suite
Autobahn Fit combines five core cyber risk management capabilities into one comprehensive
vulnerability prioritization and remediation suite
Automated asset Create a list of assets (IPs, domains, cloud assets) that
Asset Discovery
management hackers are likely to find and attack
Comprehensive list of Vulnerability Scan for a >100k security issues and create
security risks Assessment comprehensive issue overviews
Quick identification of Issue Clustering & Map issues to root causes and create a prioritized
most severe issues Prioritization shortlist remediation
11
Autobahn Fit – Cyber Fitness Coaches
13
Support stakeholders
Provide value to DevOps, IT, and Board
Support stakeholders
Autobahn Fit clusters issues and applies a hacker's view, not generic exploit data, leveraging
Prioritize with a
100+ years of collective experience. This unique prioritization offers a direct route to improved
hacker perspective
hacking resilience
Remediate with
Cyber Fitness Workouts offer clear remediation guides, enabling IT teams to tackle
step-by-step
vulnerabilities with ease, regardless of security background
guidelines
Report progress
Hackability Score distills a customer’s security status into one clear KPI, aiding leaders in
with the
monitoring progress, benchmarking, and stakeholder reporting
Hackability Score
15
Support stakeholders
16
Support stakeholders
17
Support stakeholders
Assurance managers benefit from automated prioritization and use the Autobahn Fit platform to assign
asset ownership to DevOps and IT specialists
Security
Analyst
18
Support stakeholders
19
Support stakeholders
Let IT specialists manage and remediate vulnerabilities with ease with auto assigned Workouts
20
Support stakeholders
IT specialists access Workouts for swift, prioritized remediation with verified, step-by-step
guidance – either in Autobahn or in Jira
IT Specialist
21
Support stakeholders
Job to do: Report progress to the board and take budget decisions
Problems:
• Brian doesn’t have a simple way of showcasing the impact of his security efforts
• Since his team is using multiple scanners, he spends a lot of time aggregating and analysing the
data
• He also doesn’t know how to justify which team requires more support
Benefits of Autobahn Fit:
• Brian now has a single metric which is autoamtically given by Autobahn Fit: the Hackability
score. He can use this to track his progress and to compare himself to his peers
• He can also create custom dashboards for each of his teams to see which one isn’t remediating
as much and decide whether they need more support
• Now Brian can go to his board and confidently say “our team has improved because our
Hackability score has reduced by 30% in the last three months”
22
Support stakeholders
Management team tracks and reports organizational security progress with the clear Hackability Score
CISO
23
Support stakeholders
Our Cyber Fitness Coaches can support VisioNet’s customers throughout their resilience
journey at no extra cost
24
Support stakeholders
25
Case study 1 – insurance
How a global insurance company reduced its Hackability by 18% in one
month
Case study 1 – insurance
The journey started by merging available vulnerability data into a holistic Hackability view
Still, several security stakeholders asked for more transparency • Merge and deduplicate
around hacking risks: • Assign to group company
▪ The CTO asked for continuous auditing to spot deviations from
security architecture Assign Hackability Score based
on hacker interest
▪ The CIO required a simple security KPI to steer operational
tasks Create prioritized remediation
▪ The COO wanted a way to compare group companies list per group company
27
Case study 1 – insurance
Hackability points to a small set of issues responsible for majority of hacking vulnerability
28
Case study 1 – insurance
19 OpCos improved Hackability, while 4 addressed gaps in their visibility Key Takeaways Objectives achieved
29
Case study 1 – insurance
240
▪ The fitness plan with its
proactive approach is ▪ The CIO
220 particularly suitable for issues started
that usually remain attaching
200 unaddressed for a long time fitness goals to
▪ At this business unit, the the security
180 April 1: mitigation pipeline prevented KPI for each
the Hackability Score from OpCo
Java hardening
160 issues sent to rising by fixing all instances of ▪ The CISO uses
OpCo ISO April 21: two severe issue types in less the fitness
Java hardening April 29: than a month insights gained
140 issues resolved at one OpCo to
Apache issues sent, ▪ The mitigation process
resolved the next day accelerates with longer inspire other
120 engagement with the fitness OpCos to fix
plan, with fixing time dropping the same
from 3 weeks to 1 day in this vulnerabilities
Fitness journey Without mitigation pipeline example
30
Case study 1 – insurance
The Cyber Fitness Workouts continuously and automatically target main Hackability drivers,
turning vulnerability remediation from an expert domain into a scalable commodity
Hackability Score breakdown Fitness Workouts by type Key Takeaways Objectives achieved
31
Case study 2 – advertising
How a large advertising company integrated Autobahn Fit into its
merger and acquisition activities
Case study 2 – advertising
After going public, this advertising company needed a clear mechanism to compare potential
M&A targets with one another
APPROACH
33
Case study 3 – healthcare
How an Indonesian hospital group was above to get a clear overview of
its hacking risks within one month
Case study 3 – healthcare
Having to manage vulnerabilities coming from multiple VA tools, this Indonesian healthcare
provider was looking for a way to consolidate and prioritize their most important issues
APPROACH
35
Customer testimonials
Dr. Ralf Schneider “The remediation steps have been very helpful even
Ariel Pisetzky for a layman like me. I had an issue I sent to one of
Group CIO at Allianz VP Information Tech & Cyber at Taboola my IT personnel on a certain vulnerability that kept
coming up that we have been having issues with for
"We continuously track hacking risks for "We found Autobahn Fit to be best-in-class
quite some time. We followed the steps, and it has
several hundred thousand IT assets. Autobahn among vulnerability assessment platforms.
been fine ever since.”
Fit aggregates vulnerabilities from our The Autobahn platform allowed us to scan our
– Parallex Bank
discovery tools, such as Qualys, which helps large internet footprint and provides clear,
Allianz remediate vulnerabilities faster and concise reporting with easy-to-follow
“It’s a collaborative atmosphere – people listen to you
more efficiently. With easy-to-follow Cyber remediation instructions. We see Autobahn Fit
and support you. It’s a personalized service.”
Fitness workouts, Autobahn Fit makes as a partner in maintaining outstanding
– Mascom Wireless
remediation possible for everyone and hacking resilience at Taboola."
ensures that we keep improving our cyber
“From other tools we get 380 page PDFs. Where do
defense capabilities and skills in a sustainable
we start? Autobahn Fit tells us where to start and
way."
that alone is a great help.”
– PDV Systeme
36
Vulnerability management platform subscription
We offer different packages, with pricing depending on the number of IPs protected
37
Thank you.
Arjen Vogel
arjen.vogel@autobahn-security.com