There are only two ways of finding a vulnerability. Either you do, or somebody else does. Cybersecurity is all about being one step ahead.
The vulnerability management process consists of six steps. Faraday’s technology optimizes and smoothens the process as a whole, allowing you to manage it from a single platform.
Depending on the needs of the organization or the product being developed, the scanners to be used may vary. Faraday’s technology allows businesses to choose scanners according to their needs and integrate them smoothly into their lifecycle.
With Faraday, scanners may be deployed and added into the lifecycle with just a few clicks. Vulnerabilities may be easily imported if scans have previously been performed elsewhere and users need to manage their vulnerabilities.
Faraday’s First Scan may be a first approach to scanning, which allows users to get a feel for what scanning is about for free and with just a few clicks.
In this step, vulnerabilities are classified in terms of severity and ease of resolution. Vulnerabilities sent by scanners may be confirmed or not, evidence of their existence may be uploaded, and their description and information may be easily updated. Faraday lets you carry out this process in a sharp, intuitive, user-friendly dashboard.
Vulnerabilities may be tagged for easier identification. Filters may be used, saved and created in order to ease navigation and classification of high volumes of vulnerabilities.
Faraday allows users to handle duplicate vulnerabilities and to automate prioritization and assessment tasks, in order to save experts’ time and optimize your teams’ security resources.
For users with access to multiple workspaces, Faraday’s workspace comparison feature might be useful for strategic decisions, resource management, and as a source of feedback to compare different approaches.
Faraday allows users to save experts’ time in creating reports by generating them automatically, in editable formats. The creation of reports and handling of vulnerabilities may be integrated with other tools within Faraday, such as filters or pipelines.
Different companies may have different objectives and reasons for reporting, as well as different protocols to comply with. Faraday approaches reporting with the same versatility with which it approaches scanning: the vulnerability normalization technology allows Faraday to offer users the possibility of creating custom reports which answer their particular needs.
Another approach to communication is the platform itself. A workspace might be accessed by several users, so Faraday’s dashboard and analytics may be accessed by different experts who need to use Faraday’s full versatility.
Faraday’s planner allows users to assign issues and tasks within Faraday, which will be notified to assigned users. Vulnerabilities may also be assigned directly in the dashboard, by tagging users in the same workspace. This will send them a notification too.
The platform is designed to manage the remediation process within Faraday, allowing users to send tickets to developers or IT teams in charge of mitigation, with Jira, ServiceNow and GitLab integration.
Once vulnerabilities are remediated, their statuses should be changed in the dashboard, for later verification. Vulnerabilities might have four different statuses in the vulnerability management lifecycle:
Faraday will recognize if closed vulnerabilities are still present, and automatically change their status to reopened. In other cases, a vulnerability’s status will remain as assigned.
The verification step closes the vulnerability management lifecycle, and introduces the beginning of a new iteration.
Faraday’s technology follows three key steps to help the process run smoothly:
Faraday brings comfort to every vulnerability management task, by perfecting the process as a whole. Recognizing teams’ diversity in approaches, Faraday’s technology never lost focus on versatility.
After looking through Faraday’s recommended introduction, interested readers might like to learn more about Faraday’s CLI and API, which may be useful for scripting, interfacing and automation.
If your company is interested in performing vulnerability management but you believe that you could use help from an expert, you may contact us and we’ll get in touch.
Instant Alerts: Stay informed with real-time notifications.
Set up your own actions strategy, assign tasks to users for each phase and easily follow them up. You can create your own custom Methodologies, add Tasks, tag them and keep track of your whole project directly from Faraday. Faraday comes with Methodologies loaded by default that allow you to get to work quickly without having to create your own.
Process of determining the order in which security vulnerabilities should be addressed based on their severity and potential impact on an organization.
Faraday Cloud provides the most extensive continuous scanning and real-time insights for the security integrity of your systems. Faraday Cloud gives you a multi-engine scanning platform that supports an ever-growing list of industry security tools.
Faraday supports 2nd Factor Authentication. We support any app, e.g.: Google Authenticator (Android), Google Authenticator (iOS), Authy (Android), Authy (iOS), OTP Authenticator (Android, Open Source).
Provides access to the platform through all its channels. Identified by username and profile, it lets you moderate access and keep data governance under control.
A workspace is a project presentation that allows you to summarize information from different sources, work with them as a unit, and generate information.
An asset is any device, resource or other component of the environment that supports information-related activities. For example, IP Addresses and FQDN in the scope of an assessment.
Facilitates the search for possible duplicates and provides the user with a friendly mechanism to associate a set of vulnerabilities that could refer to the same problem/vuln, with the option of leaving only one of these vulnerabilities visible and hiding the rest.
The Executive Report feature lets you create (as the name implies) reports using the results obtained in each workspace. When an Executive Report is created, all the data from the Status Report is automatically processed and placed in a PDF/Word compatible document that can then be downloaded.
Allows the user to automate tasks after an agent terminates and new vulnerabilities are bulk-loaded into a workspace, and also when a user manually uploads a tool report to a workspace.
Brings access to different data visualizations to Managers, Pentesters, Clients and Asset Owners.
Use Faraday directly from your favourite terminal. faraday-cli is the official client that makes automating your security workflows easier.
Automate repetitive Agents’ actions and check results on your Dashboard
This is a feature that allows you to send data from Faraday to Jira/ServiceNow as tickets inside the system. In order to do it, go into our Status Report, select the desired vulnerabilities, click on the Tools button and then click on the ServiceNow/Jira option.
As Faraday allows you to keep all of your pentests in one place, we thought it would be interesting to add the possibility to see your assessments come to life. These charts allow you to find new relations between your data and clarify the state of an assessment. We will also add new charts in the future, and the possibility to customize them as well!
Tags allow you to organize your vulnerabilities by letting you make and edit categories: environment, technology, state, language, projects, whatever. The team can then see the tagged vulnerabilities and organize the security evaluation.
Define and execute your own actions from different sources and automatically import outputs into your repository.
Custom Fields allow you to extend the Vulnerability’s model with more fields. A custom field’s type can be int, str, list, or choice.
You can use inline images with Faraday Evidence in the fields above by adding an Evidence file to your vulns and adding markdown like this:
No infrastructure changes needed: implement Faraday On-prem, Cloud or Hybrid without network changes.
The idea of the Web Shell is to allow you to work directly from the web using ZSH as a console. You would be connected to your own shell (listening on the loopback interface).
This feature lets you easily see and assess the differences between two of your Workspaces.
Find yourself writing the same descriptions over and over again? Tired of typos coming up in your reports? Faraday provides a simple solution: unify criteria for naming vulnerabilities and save yourself and your team time and effort.
There are three kinds of plugins available for Faraday: console, report and API (also called online). However, these are not mutually exclusive, meaning that some tools have more than one Plugin to process their output. For example, Nmap has a Console plugin which allows you to run it directly from ZSH, but it also has a Report one, in order to import scans that were run outside of Faraday.