First steps with Autobahn Fit

Your Cyber Fitness journey starts today

Welcome to Autobahn Fit!

Whether you're a seasoned security professional or just starting out, Autobahn Fit offers a powerful suite of tools to identify and address vulnerabilities in your web applications. This article will walk you through the initial setup process, including managing your account settings, launching your first scan, and interpreting the results to gain valuable insights into your organization's security posture.

Your first steps

1. Whitelist our scanning IPs

2. Install your internal probe

3. Run your first scan

4. Integrate additional data sources

5. Analyse your first results

1. Whitelist our scan IPs

Whitelisting creates an exception for our scanner IPs, allowing them to scan your organization's network(s) without being blocked and ensuring visibility over all your assets.

  • If you want to run internal scans, whitelisting is mandatory.
  • Even if you want to run only external scans, whitelisting is strongly recommended. The scanner needs to see all your devices, services, and potential vulnerabilities so that you can proactively fix these issues in case your security tools are ever breached.

Find the full list of IPs here.

2. Install an internal probe

The internal probe acts as your Autobahn Fit sensor within your organization's network(s), collecting valuable security data. You will likely have received a personalization code in the onboarding email. If you haven't, reach out to your Customer Success Manager or to support@autobahn-security.com.

The full installation guide is available here.

3. Run your first scan

When running your first scan, you will likely ask yourself the following questions:

  • How do I split my scans? Do I create multiple scans for each of my locations, or do I create one that includes everything? This depends on you. We usually recommend creating multiple scans, since that will give you a greater degree of granularity.
  • Do I have full reachability for my internal scans? If you have done the whitelisting properly, you should have full reachability. 

You can find a user guide detailing the steps for creating a scan here.

It takes a minimum of two hours for a scan to finish, and it takes longer depending on the size of your target scope. You can track the status of your scan under Scanning --> All Scans.

But don't worry - once the scan is finished, you will receive an email notification!

4. Integrate additional data sources

Autobahn Fit goes beyond just scanning your infrastructure. To give you a holistic view of your organization's security posture, it allows integration with various vulnerability scanners and cloud providers.

  • This means you can incorporate vulnerability data from sources like MSDE, Cisco, Nessus, and Tenable alongside your Autobahn Fit scans.
  • Additionally, you can connect your organization's cloud security providers, such as AWS, Azure, and GCP, to pull assets and seamlessly run scans directly on them.

This comprehensive approach empowers you to centralize your security data and gain a unified view of the vulnerabilities of your entire organization.

For detailed instructions on setting up these integrations, refer to the user guides in this Knowledge Base.

5. Analyse the first results

Your first scan is finished, and it's time to dig into your data. You can get a first glimpse into your organization's security posture from your Cyber Fitness Dashboard.

The Dashboard gives you an overview of your organization's overall security posture and your next best actions by showcasing:

  • Your organization’s current Hackability Score, and a graph of your Hackability Score over time. The timeline can give you a glimpse of how your cyber posture improved (or deteriorated) in the last six months. If it's your first scan, you see a single data point.
  • Summary of Workouts sorted by their importance and impact on your organization’s cyber-health, so you can prioritize your actions based on their impact.
  • Total number of individual issues detected in all your organization’s assets, grouped by their status and severity.
  • List of most hackable hosts (or in other words, most at-risk assets) sorted by their Hackability, so you and your team can promptly secure assets based on how prone they are to attacks.

You can also build custom dashboards with separate views per subsidiary or business unit by selecting certain assets, asset tags, or scans. You can make these dashboards visible only to yourself or to all administrators in your organization.

What is considered a good Hackability Score? While we always recommend lowering it as much as possible, getting a Hackability Score of zero is unattainable. We have the following score ratings:

  • Unsatisfactory: > 70
  • Improvement needed: 26 – 69
  • Satisfactory: 10 – 25
  • World class: < 10

Now you know where to start

The ultimate goal is to lower your Hackability Score. To do that, focus on the highest-ranking Workouts in your Dashboard or your Workout page.

Now let's start working on remediation!