Solar CPT (Continuous Penetration Testing)

The main articles are:

• Security Information and Event Management (SIEM)
• Pentesting (pentesting)

2024: Solar CPT launch

On February 29, 2024, the Solar Group of Companies announced the launch of the Solar CPT (Continuous Penetration Testing) permanent security control service for the external IT perimeter. The service identifies critical vulnerabilities and flaws in the changing external IT perimeter that hackers can exploit. The flaws found during the scan are verified by security analysis experts, after which the customer receives practical recommendations for protection. As of February 2024, pilot projects are underway with organizations from the IT industry and the processing industry.

source = Solar

Cyber ​ ​ attacks are becoming more complex, and their density is constantly growing - according to Solar experts, only since the beginning of 2024 the share of highly critical incidents has more than increased by 3 times. In such conditions, any lack of infrastructure increases the chances of hackers to launch an effective attack. Traditional vulnerability scanners and one-time penetration tests are effective tools for increasing the level of security, but due to their specifics they have a number of restrictions. For example, a pentest cannot be carried out constantly due to the high cost of labor and the need for a large number of specialists. At the same time, Solar CPT will allow the customer to regularly update the picture of the external perimeter and better protect the vital infrastructure from critical threats with a competent price-quality ratio.

Solar CPT is an offensive security class solution aimed at Enterprise customers with a high level of information security maturity. The service takes into account the many years of experience of Solar experts in security analysis: automation of manual pentest processes made it possible to create its own platform for identifying vulnerabilities and systemic flaws in perimeter protection. At the same time, the solution is constantly updated taking into account the changing techniques and tactics of attackers.

The service is implemented "turnkey": penetration testing experts collect information about the infrastructure, scan it using platform tools, and then manually check the vulnerabilities and shortcomings found, which helps reduce the number of false positives compared to automatic scanners. As a result of the analysis, the client receives easily readable reports in the information security account, which can be used for further work to eliminate vulnerabilities.

When assessing the security of the perimeter, the customer himself can choose the frequency and depth of scanning, and experts will highlight critical vulnerabilities and shortcomings that attackers are most likely to exploit. The service also identifies "forgotten" or incorrectly decommissioned IT assets of the company, concealing the risks of successful attacks.

Analyzes vulnerabilities and develops the platform a dedicated team of certified experts, among them - specialists with prizes in international specialized competitions.

The Solar CPT service is part of an automated pentest action combined with full expert expertise. Thus, the business not only receives the required information security expertise of a narrow profile, but also optimizes the costs of it, and wins in time, which means it will be able to quickly prevent cyber risks, - explained Alexander Kolesov, head of the security analysis department at Solar JSOC Solar Group.