Getting started with Autobahn Fit
      Back to home
      1. Knowledge Base
      2. Getting started with Autobahn Fit

      First steps with Autobahn Fit

      Your Cyber Fitness Journey starts today

      Welcome to Autobahn Fit!

      Whether you're a seasoned security professional or just starting out, Autobahn Fit offers a powerful suite of tools to identify and address vulnerabilities in your web applications. This article will walk you through the initial setup process, including managing your account settings, launching your first scan, and interpreting the results to gain valuable insights into your organization's security posture.

      Your first steps

      1. Whitelist our scanning IPs

      2. Install your internal probe

      3. Run your first scan

      4. Integrate additional data sources

      5. Analyse your first results

      1. Whitelist our scan IPs

      Whitelisting creates an exception for our scanner IPs, allowing them to scan your network without being blocked and ensuring visibility over all your assets.

      • If you want to run internal scans, whitelisting is mandatory.
      • Even if you want to run only external scans, it is greatly recommended. We need the scanner to be able to see all your devices, services, and potential vulnerabilities - so you can proactively fix these issues in case your security tools are ever breached.

      Find the full list of IPs here.

      2. Install your internal probe

      The internal probe acts as your Autobahn Fit sensor within your network, collecting valuable security data. You will likely have received a personalization code in your onboarding email - if you haven't, reach out to your Customer Success Manager or to support@autobahn-security.com 

      The full installation guide is available here.

      3. Run your first scan

      When running your first scan, you will likely ask yourself the following questions:

      • How do I split my scans? Do I create multiple scans for each of my locations, or do I create one that includes everything? This depends on you. We usually recommend creating multiple scans, since that will give you a greater degree of granularity.
      • Do I have full reachability for my internal scans? If you have done the whitelisting properly, you should be able to reach 

      You can find a user guide detailing the steps for creating a scan here.

      It takes a minimum of two hours for a scan to finish, and it takes longer depending on the size of your target scope. You can track the status of your scan under Scanning --> All Scans.

      But don't worry - once the scan is finished, you will receive an email notification!

      4. Integrate additional data sources

      Autobahn Fit goes beyond just scanning your infrastructure. To give you a holistic view of your security posture, it allows integration with various vulnerability scanners and cloud providers.

      • This means you can incorporate vulnerability data from sources like MSDE, Cisco, Nessus, and Tenable alongside your Autobahn Fit scans.
      • Additionally, you can connect your cloud security providers, such as AWS, Azure, and GCP, to pull assets and seamlessly run scans directly on them.

      This comprehensive approach empowers you to centralize your security data and gain a unified view of the vulnerabilities of your entire organization.

      For detailed instructions on setting up these integrations, refer to the user guides in this Knowledge Base.

      5. Analyse your first results

      Your first scan is now finished, and now it's time to dig into your data. You can get a first glimpse into your security posture from your Cyber Fitness Dashboard.

      The Dashboard gives you an overview of your overall security posture and your next best actions by showcasing:

      • Your company’s current Hackability score, and a graph of your Hackability score over time. The timeline can give you a glimpse of how your cyber posture is improved (or deteriorated) in the last six months. In your case, if it's your first scan, you will see a single data point.

      • Summary of Workouts sorted by their importance and impact on your organization’s cyber-health, so you can prioritize your actions based on their impact.

      • Total number of individual issues detected in all your organization’s assets, grouped by their status and severity.

      • List of most hackable hosts (or in other words, most at-risk assets) sorted by their Hackability, so you and your team can promptly secure assets based on how prone they are to attacks.

      You can also create custom dashboards to create separate views per subsidiary, or business unit, by selecting certain scans or assets. You can make these dashboards visible only to yourself, or to your entire organization's administrators.

      What is considered a good Hackability Score? While we always recommend lowering it as much as possible, getting a Hackability Score of zero is unattainable. We have the following score ratings:

      • Unsatisfactory: > 70
      • Improvement needed: 26 – 69
      • Satisfactory: 10 – 25
      • World class: < 10

      Now you know where to start

      The ultimate goal is to lower your Hackability Score. To do that, focus on the highest-ranking Workouts in your Dashboard or your Workout page.

      Now let's start working on remediation!