FAQ.

Need some information?

background_manifesto.png

Here are some questions :

What does Hackuity offer more than a vulnerability scanner?


Hackuity provides an agnostic solution to enrich and manage vulnerabilities from different scanners (network scanners, application scanners), sources (NIST NVD, CTI) or detection practices (pentests, bug bounty, compliance reports, etc.). This translates, among other things, into mechanisms for vulnerability deduplication and an algorithm for "scoring" vulnerabilities from multiple and cross-origin sources. Hackuity orchestrates your detection arsenal, normalizes your results, centralizes your baselines and provides a harmonized risk measurement. Want some proof? Let's talk about it!




How does your solution help fix vulnerabilities?


Remediation teams thank Hackuity for: 1/ The standardization of collected vulnerabilities, which provides a standard format for describing vulnerabilities and remediation measures, regardless of the source. 2/ The enrichment of vulnerabilities with all the identified recommendations (editors, NVD, CTI, scanners, ...), but also with the Hackuity knowledge base. 3/ The native and bi-directional integration with workflows and tools (Jira, ServiceNow, ...), which facilitates the collaboration with CISOs and helps identify bottlenecks. 4/ Drastic reduction in the number of critical vulnerabilities, allowing to focus on the most important vulnerabilities and not noise. What about a PoC?




How do you deal with false-positives?


Several elements limit the loss of time related to false-positives: 1/ Standardization and deduplication of vulnerabilities, which allows you to cross-check the results of all your detection tools, sources and practices 2/ Historization of results, which guarantees that a false-positive qualified as such is not otherwise requalified by a third party source 3/ Confidence scores that can be attributed to the sources




How is performed orchestration? Who maintains the codes allowing the call of specific tools with Hackuity?


Orchestration is performed via API calls when our customers' tools and architectures allow it. For example, a scheduler can be used to schedule recurring scans. Hackuity ensures the development, maintenance and support of connectors with all the tools of its ecosystem.





Some more :

What does Hackuity offer more than a vulnerability scanner?


Hackuity provides an agnostic solution to enrich and manage vulnerabilities from different scanners (network scanners, application scanners), sources (NIST NVD, CTI) or detection practices (pentests, bug bounty, compliance reports, etc.). This translates, among other things, into mechanisms for vulnerability deduplication and an algorithm for "scoring" vulnerabilities from multiple and cross-origin sources. Hackuity orchestrates your detection arsenal, normalizes your results, centralizes your baselines and provides a harmonized risk measurement. Want some proof? Let's talk about it!




How does your solution help fix vulnerabilities?


Remediation teams thank Hackuity for: 1/ The standardization of collected vulnerabilities, which provides a standard format for describing vulnerabilities and remediation measures, regardless of the source. 2/ The enrichment of vulnerabilities with all the identified recommendations (editors, NVD, CTI, scanners, ...), but also with the Hackuity knowledge base. 3/ The native and bi-directional integration with workflows and tools (Jira, ServiceNow, ...), which facilitates the collaboration with CISOs and helps identify bottlenecks. 4/ Drastic reduction in the number of critical vulnerabilities, allowing to focus on the most important vulnerabilities and not noise. What about a PoC?




How do you deal with false-positives?


Several elements limit the loss of time related to false-positives: 1/ Standardization and deduplication of vulnerabilities, which allows you to cross-check the results of all your detection tools, sources and practices 2/ Historization of results, which guarantees that a false-positive qualified as such is not otherwise requalified by a third party source 3/ Confidence scores that can be attributed to the sources




How is performed orchestration? Who maintains the codes allowing the call of specific tools with Hackuity?


Orchestration is performed via API calls when our customers' tools and architectures allow it. For example, a scheduler can be used to schedule recurring scans. Hackuity ensures the development, maintenance and support of connectors with all the tools of its ecosystem.





More questions?