The first phase is the recon phase, where SWARM will use CANVAS recon modules in order to collect information about the target systems:
Immunity recommends you record the SWARM IPs in your IPS/IDS and any event tracking system, to prevent undue excitement in your incident response team.
Keep in mind that SWARM models the actions of a malicious Internet environment against your network periphery– everything that SWARM does is being done to your network every day
The second phase is the penetration testing phase, where SWARM will use the information collected in order to determine and verify vulnerabilities on the target systems. It does this by running CANVAS exploits:
SWARM focuses on the CANVAS exploits which allow for direct, remote access to remote servers – the very ones that pose the most risk to your organization. Immunity has a long history of penetration testing and these are the exploits we’ve found most applicable to a typical attack against a periphery.
Immunity personnel will monitor the actions of SWARM and are able to stop the scan at any time.
A default swarm can scan around a thousand IPs a minute, although this can be accelerated at additional cost for extremely time sensitive engagements.Data Mining
The Immunity team will then look over the data SWARM has gathered, to provide potential avenues for an additional SWARM run, with perhaps a new security check, or a different configuration. The database created is extremely useful for follow-on engagements which focus on newly emerging threats.Websiege Application Scanning
Additionally, a common follow-on engagement is to run WebSiege to find SQL Injection vulnerabilities in every publicly accessible web application.
Finally, a report is produced that explains our results and indicates possible courses of action.
Keep in mind that the time estimates given here can vary and depend on the behavior of your network.
For additional product questions, scheduling a demo or to purchase SWARM, please contact us:
By Phone: 786-220-0600 (Monday - Friday between 9am - 5pm Eastern Time)
Or Email: sales@immunityincdotcom.