Cytix

Turning Development Data Into Testing Actions - A Deeper Look Into the Intelligence Engine

Deeper exploration of Cytix feature, the Intelligence Engine.
Thomas Ballin
4 minute read

An Introduction to the Intelligence Engine

The Intelligence Engine is the first feature within Cytix that makes up Continuous Testing Orchestration. Testing Orchestration and Vulnerability Management are the following features that make up the whole platform.

It is made up of multiple different technological advances (including AI and algorithms) in order to classify the change and to threat model, before identifying appropriate security testing actions to take.

At a high level, it is capable of ingesting event data (typically change data, like tickets / pull requests, produced during a standard SDLC) and egressing a testing sequence (made up of a summary of the change, list of potential vulnerabilities, and series of recommended testing actions).

The Cytix Platform Diagram
The Cytix Platform

What problem does the Intelligence Engine solve?

The problem

The standard approach for security testing of changes occurs after an application has reached a critical mass. This is typically followed by a “clinic” where development teams discuss the recent changes (often from memory) with a security consultant who performs a threat modelling exercise. The consultant identifies the need for security testing and commissions this through either a tool or a manual testing provider.

This process has room for human error and a large amount of inefficiency. But, more importantly, does not address every change individually at the time they’re introduced. This lack of granularity can lead to testing gaps and blindspots.

Moreover, this process is increasingly difficult to scale. And many organisations are simply unable to perform change-based testing due to resource and time. Instead they rely on testing at regular intervals which can leave vulnerabilities undiscovered for months.

The solution

Cytix allows businesses to shift testing to the left and test for vulnerabilities at the time development changes are happening. 

The Intelligence Engine automates the collation and standardisation of all this data and creates a list of dynamic testing actions. So businesses don’t need to allocate valuable resources to manually assessing multiple disparate data points and making sense of the varying data formats. It reduces employee burnout and gives them a scalable solution to map hundreds of thousands of events a day.

Once a business has this list of ordered testing actions, testing orchestration is carried out from within the next stage of the platform to complete automated continuous testing. 

Key metrics the Intelligence Engine improves

‍MTTD

The baseline for changes to be tested in most organisations is months. With Cytix, this is reduced down to hours or days (typically less than five), hugely reducing MTTD and the opportunity of vulnerabilities to be lingering in a system.

Summary

The Intelligence Engine is the first of three features that makes up Cytix, a Continuous Testing Orchestration Platform. The objective is to turn live development changes into dynamic testing actions, automatically.

It removes the manual process behind understanding what, where and how to test, reducing the time that changes are left un-tested within an environment.

To understand more on the Intelligence Engine's role in automating your continuous testing programme, book a demo with a member of our product team.

Cytix

Turning Development Data Into Testing Actions - A Deeper Look Into the Intelligence Engine

Deeper exploration of Cytix feature, the Intelligence Engine.
Thomas Ballin
3
min read

An Introduction to the Intelligence Engine

The Intelligence Engine is the first feature within Cytix that makes up Continuous Testing Orchestration. Testing Orchestration and Vulnerability Management are the following features that make up the whole platform.

It is made up of multiple different technological advances (including AI and algorithms) in order to classify the change and to threat model, before identifying appropriate security testing actions to take.

At a high level, it is capable of ingesting event data (typically change data, like tickets / pull requests, produced during a standard SDLC) and egressing a testing sequence (made up of a summary of the change, list of potential vulnerabilities, and series of recommended testing actions).

The Cytix Platform Diagram
The Cytix Platform

What problem does the Intelligence Engine solve?

The problem

The standard approach for security testing of changes occurs after an application has reached a critical mass. This is typically followed by a “clinic” where development teams discuss the recent changes (often from memory) with a security consultant who performs a threat modelling exercise. The consultant identifies the need for security testing and commissions this through either a tool or a manual testing provider.

This process has room for human error and a large amount of inefficiency. But, more importantly, does not address every change individually at the time they’re introduced. This lack of granularity can lead to testing gaps and blindspots.

Moreover, this process is increasingly difficult to scale. And many organisations are simply unable to perform change-based testing due to resource and time. Instead they rely on testing at regular intervals which can leave vulnerabilities undiscovered for months.

The solution

Cytix allows businesses to shift testing to the left and test for vulnerabilities at the time development changes are happening. 

The Intelligence Engine automates the collation and standardisation of all this data and creates a list of dynamic testing actions. So businesses don’t need to allocate valuable resources to manually assessing multiple disparate data points and making sense of the varying data formats. It reduces employee burnout and gives them a scalable solution to map hundreds of thousands of events a day.

Once a business has this list of ordered testing actions, testing orchestration is carried out from within the next stage of the platform to complete automated continuous testing. 

Key metrics the Intelligence Engine improves

‍MTTD

The baseline for changes to be tested in most organisations is months. With Cytix, this is reduced down to hours or days (typically less than five), hugely reducing MTTD and the opportunity of vulnerabilities to be lingering in a system.

Summary

The Intelligence Engine is the first of three features that makes up Cytix, a Continuous Testing Orchestration Platform. The objective is to turn live development changes into dynamic testing actions, automatically.

It removes the manual process behind understanding what, where and how to test, reducing the time that changes are left un-tested within an environment.

To understand more on the Intelligence Engine's role in automating your continuous testing programme, book a demo with a member of our product team.

Prioritise Your Testing Programme Around Your Development Schedule

Detect Vulnerabilities Faster
Patch Vulnerabilities Faste
Be more compliant
Book a Demo

Related Posts

Vulnerability Management
How do you understand performance over time?
In order to get to grips with the performance of your software or product over time, you really need to be taking incremental measurements of your cybersecurity.
Thomas Ballin
February 2, 2021
Security Testing
Automated penetration testing - 5 key business benefits
Automated penetration testing is becoming increasingly popular. But how does this compare to manual penetration testing? Understand the main key benefits.
Thomas Ballin
June 4, 2024
Vulnerability Management
Will there come a day where there are 0 vulnerabilities to find?
There's a growing potential for AI to remove many sources of vulnerabilities, but does that mean we're going to see a day where code is being written without any vulnerabilities being introduced into systems?
Thomas Ballin
June 4, 2024