© 2022 Prancer, Inc.

Blog

Red Teaming and Automated pentesting with Prancer Security Solution

Prancer
October 28, 2022

Introduction
As organizations increasingly move to the cloud, they must also ensure that their data and applications are secure. Prancer provides a cloud security solution that helps organizations protect their infrastructure and applications while taking advantage of the many benefits of the cloud. Prancer provides a continuous validation platform to ensure your cloud environment is secure and compliant with industry standards.
Here is a breakdown of how the solution works!

Auto-Discover
Prancer connects to enterprise resources in the cloud to discover all the attack surfaces at both the Infrastructure and Application layers. The source of information is the control plane configuration data available from the cloud solution providers for applications and code repositories.

Analyze
The Prancer engine reviews the security configuration of the application infrastructure and correlates data from different sources to provide immediate feedback to the client about non-compliant items. It reports back all the security concerns to the client and provides remediation.

Strategize
Based on the Intelligence out of the auto-discovery and analysis phase, Prancer now understands the application’s underlying technologies and infrastructure design. Prancer strategizes attacks against enterprise assets based on this gained knowledge.

Attack Automation
Prancer uses its patented solution for Attack automation. The Prancer engine creates attack chains and lateral movement strategies. It schedules the attacks on demand, on a scheduled basis, or in a continuous validation mode.

Reload
The latest attack manifests are reloaded from the codified attack database. This database includes common vulnerabilities like OWASP top 10, SANS top 25, Zero-day vulnerabilities and CVEs and custom business logic testing developed by threat developers. All relevant attacks to the application and infrastructure in which the engine gained intelligence based on the auto-discovery phase are reloaded to the engine. This database is maintained by the Prancer Research team feeding from CVEs, CSPs, the dark web, and national vulnerability databases.

Attack Emulation
Prancer patented Pentesting as Code (PAC) engine makes attacks emulation against enterprise assets to find security holes and validates the fixes. The scanner engine can run inside the client’s network or make an external attack. All black box, grey box, and white box scenarios are fully automated and integrated into the platform to comprehensively view the available vulnerabilities.

Risk Assessment and scoring
Prancer presents the prioritized risks and security assessment of company assets from the attacker’s viewpoint. This risk-based scoring gives invaluable information to the security operators to remediate vulnerabilities before the exploit happens.

Prancer helps organizations of any size to benefit from the automated pentesting for their cloud and on-premise application and build their Red Teaming exercise efficiently with predefined recipes!