Synack Autonomous Red Agent (Sara) Triage is a new offering from Synack. It combines integration with popular vulnerability management scanners such as Tenable One and Qualys with agentic AI vulnerability triage that confirms which scanner findings are exploitable and filters out the non-exploitable noise. Scanning is important for monitoring a broad attack surface, but it is voluminous and produces false positives and low-criticality findings. Synack’s exploitability analysis determines which vulnerabilities could actually be exploited by bad actors, versus which are blocked by the customer’s security defences or are merely informational in nature.
Sara Triage currently integrates with Tenable One Vulnerability Management and Qualys Vulnerability Management. Scanner findings from either are imported into the Synack Penetration Testing as a Service (PTaaS) platform, where they can be sorted and filtered, and the most critical findings submitted to Sara Triage for exploitability analysis, remediated, then verified in the Synack PTaaS platform.
The following steps show an example workflow to illustrate how Sara Triage works. We’ll use Qualys in this example.
Step 1 – Import Scanner Results From Qualys Vulnerability Management
Sara Triage needs a source of data to start from. With Synack’s Qualys Integration, scanner findings from Qualys Vulnerability Management are imported into the Synack platform.

Step 2 – Examine And Filter Scanner Findings In the Synack Platform
Scanner findings from Qualys can be filtered and sorted by criteria such as vulnerability Severity and Asset. This narrows the scanner output to a shorter list of higher-relevance findings.

Step 3 – Select And Submit Desired Scanner Findings For Triage
Scanner findings can be selected individually or in bulk; clicking the ‘Submit for Sara Triage’ button sends them to the Sara Triage agentic AI for exploitability analysis.

Step 4 – Separate Signal From Noise With Sara Triage Results
Once Sara Triage completes, each finding comes back with one of five results: ‘Exploitable’, ‘Not Exploitable’, ‘Unreachable’, ‘Out of Scope’, or ‘Not Applicable’. ‘Exploitable’ findings then undergo additional human-led review by Synack to remove false positives and duplicates. Filters can be applied to highlight the most urgent findings, which are typically the ‘Exploitable’ ones. Note that ‘Unreachable’ is not a clean bill of health: it means the agent could not reach the asset, so the finding remains undetermined rather than cleared.

Step 5 – Remediate Faster With Evidence On All Exploitable Vulnerabilities
Below is an example of the analysis provided on a scanner finding that Sara Triage deemed Exploitable by real-world bad actors. It includes specific recommendations to remediate the SSH security gaps on the server asset.

Step 6 – View All Exploitable Vulnerabilities In One Place
Findings that Sara Triage marks Exploitable are moved to the Synack Exploitable Vulnerabilities page, which lists every vulnerability Synack has determined can be exploited by bad actors. Exploitable vulnerabilities are then managed through Synack’s vulnerability management workflow states, including pending review, patch pending, and closed-fixed.

Step 7 – Once Remediation Is Complete, Submit To Synack For Patch Verification
Once a customer has remediated the vulnerability based on the Exploitable Vulnerability recommendations, the customer sends a ‘Request Patch Verification’ to Synack, and Synack re-tests the vulnerability to confirm the fix.
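The seven steps above are performed in the Synack platform’s UI. The following added example is not Synack’s code and does not use any Synack, Qualys or Tenable API; it models the same pipeline on constructed data so the prioritisation logic is explicit: severity cutoff before submission, the five verdict labels on return, an Exploitable-only queue ordered by severity, an ‘Unreachable’ bucket that must be resubmitted rather than closed, and the pending review → patch pending → closed-fixed workflow states. The record layout, field names, severity labels, sample findings, verdicts and the allowed state transitions are all assumptions made for illustration.

```python
"""Model of a scanner -> triage -> remediation pipeline.

Added example, not Synack's code. Field names, severity labels, the sample
findings and the state transitions are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Triage verdict labels as named on the page.
VERDICTS = ("Exploitable", "Not Exploitable", "Unreachable", "Out of Scope", "Not Applicable")

# Scanner severity ordering; label set is an assumption (scanners differ).
SEVERITY_RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3, "Info": 4}

# Workflow states named on the page; the allowed transitions are an assumption.
TRANSITIONS = {
    "pending review": {"patch pending"},
    "patch pending": {"closed-fixed"},
    "closed-fixed": set(),
}


@dataclass
class Finding:
    finding_id: str
    asset: str
    title: str
    severity: str
    verdict: Optional[str] = None      # None until a triage result comes back
    state: str = "pending review"


def sample_findings() -> List[Finding]:
    """Constructed scanner findings (not real export data)."""
    return [
        Finding("F-1", "web-01", "SSH server allows weak MAC algorithms", "High"),
        Finding("F-2", "web-01", "TLS 1.0 enabled", "Medium"),
        Finding("F-3", "db-02", "Outdated SSH server version", "Critical"),
        Finding("F-4", "vpn-01", "Service banner disclosure", "Info"),
    ]


# Constructed triage results; only findings that were submitted get a verdict.
SAMPLE_VERDICTS = {"F-1": "Exploitable", "F-3": "Unreachable"}


def select_for_triage(findings: List[Finding], min_severity: str = "High") -> List[Finding]:
    """Steps 2-3: keep findings at or above the severity cutoff for submission."""
    cutoff = SEVERITY_RANK[min_severity]
    return [f for f in findings if SEVERITY_RANK[f.severity] <= cutoff]


def apply_verdicts(findings: List[Finding], verdicts: Dict[str, str]) -> List[Finding]:
    """Step 4: attach the triage verdict, rejecting labels outside the known set."""
    for f in findings:
        v = verdicts.get(f.finding_id)
        if v is not None:
            if v not in VERDICTS:
                raise ValueError(f"unknown verdict {v!r} for {f.finding_id}")
            f.verdict = v
    return findings


def triage_summary(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per verdict; unsubmitted ones are reported separately."""
    counts: Dict[str, int] = {}
    for f in findings:
        key = f.verdict or "Not Submitted"
        counts[key] = counts.get(key, 0) + 1
    return counts


def exploitable_queue(findings: List[Finding]) -> List[Finding]:
    """Step 6: the confirmed-exploitable list, most severe first."""
    hits = [f for f in findings if f.verdict == "Exploitable"]
    return sorted(hits, key=lambda f: (SEVERITY_RANK[f.severity], f.asset, f.finding_id))


def needs_retriage(findings: List[Finding]) -> List[Finding]:
    """'Unreachable' means the agent could not reach the asset: resubmit, do not close."""
    return [f for f in findings if f.verdict == "Unreachable"]


def advance(finding: Finding, new_state: str) -> Finding:
    """Steps 6-7: move an Exploitable finding through the workflow states."""
    if finding.verdict != "Exploitable":
        raise ValueError(f"{finding.finding_id}: only Exploitable findings enter the remediation workflow")
    if new_state not in TRANSITIONS[finding.state]:
        raise ValueError(f"{finding.finding_id}: cannot move from {finding.state!r} to {new_state!r}")
    finding.state = new_state
    return finding


if __name__ == "__main__":
    fs = sample_findings()
    submitted = select_for_triage(fs, "High")            # F-1 and F-3 only
    apply_verdicts(submitted, SAMPLE_VERDICTS)
    print("summary:", triage_summary(fs))
    for f in exploitable_queue(fs):
        advance(f, "patch pending")                       # customer is fixing it
        advance(f, "closed-fixed")                        # after patch verification
        print("fixed:", f.finding_id, f.title)
    print("resubmit when reachable:", [f.finding_id for f in needs_retriage(fs)])
```

The point of `advance` refusing non-Exploitable findings is the same point the page makes in Step 6: only confirmed-exploitable findings should consume remediation and patch-verification effort, while ‘Not Exploitable’, ‘Out of Scope’ and ‘Not Applicable’ results stay out of the queue.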

Sara Triage provides an easy way to separate signal from noise in your vulnerability management program. By filtering for exploitable vulnerabilities, you can prioritize the vulnerabilities that matter to your security program. Once Sara Triage runs, the exploitability status and remediation guidance appear in the Synack platform, reducing mean time to remediate (MTTR) and the overall vulnerability management workload.
See Sara Triage in Action. Book Your Demo Today.


