Table of Contents
Are you absolutely certain that your critical assets are sufficiently tested? Can you prove it?
The Problem: Security Tests Rely on Trust Rather Than Proof
Too often, organizations invest in penetration tests and Bug Bounty programs without tangible proof of the testing effort or precise adjustment levers.
This outdated model is particularly critical in a DevOps environment, where new features are regularly put into production. Without exhaustive coverage and proof of in-depth testing, new vulnerabilities can be introduced, exposing organisations to major financial and reputational risks. Faced with the constant growth of attack surfaces, it becomes imperative to adopt a different approach.
Yogosha is changing the game with Activity Monitoring—the only platform that turns trust into certainty through data. You can now guarantee that all of your assets are tested continuously and in depth, and precisely manage the performance of your security programs.
It’s time to move from a trust-based model to a proof-based model.
The Solution: Traffic Collection via VPN
We collect the traffic of researchers when they pass through the Yogosha VPN. Our intelligent algorithm then processes this data to measure the activity on the tested assets.
Beyond the monitored traffic, we are capable of more comprehensively calculating the offensive activity time. This estimate includes, for example: time spent by researchers for scope discovery, writing vulnerability reports, and performing tests outside the VPN.
This is how Activity Monitoring allows you to get a precise view of the time invested by researchers in securing your assets.
In addition, all test traffic passes through a fixed IP, which allows you to easily identify tests carried out by our community of researchers, simplifying management and supervision.
Measure Your Assets’ Activity to Better Secure Them
Yogosha’s Activity Monitoring allows you not only to precisely measure the researchers’ engagement but also to activate the right levers to optimize the testing activity on your assets.
Our dashboard provides you with complete visibility to make the right decisions and guarantee flawless security.
The key indicators are:
- The number of active researchers who have tested your assets.
- The number of offensive activity hours, including the time estimated by our algorithm to measure the testing effort on your assets and the ROI of your operations.
- The number of requests made on the targets of your assets.
- The number of reports received, to compare your activity level with the vulnerabilities discovered.
Thanks to our key indicators, you can:
- Have an overall view of the activity on your assets.
- Obtain a comparative table of assets with their activity indicators.
- Access the daily detail of indicators to monitor variations in the activity level.
Yogosha is the only software editor to offer you such visibility on the market.
Ensure the Continuity and ROI of Your Security Tests
Access to this data allows you to evaluate the level of testing activity on your assets and make informed decisions to continuously improve your security posture. If the data reveals a drop in activity, you can, with the support of our Security Program Managers and our Managed Services, activate different levers:
- Rotate researchers to get a fresh look at your assets.
- Increase rewards to attract more researchers and stimulate competition.
- Update the testing scope to cover more areas, focus on critical assets, or less tested zones.
- Launch new operations to target specific assets (pentest, security checklist, red team, bug bounty, etc.).
As Mohammed Foudhaili, our Head of Security Programs, points out, this approach offers unprecedented visibility:
“Activity Monitoring allows the security program managers on the Yogosha team to have visibility on key indicators, thus giving them a good indicator of the attack resistance of our clients’ assets.
What’s even better is that it allows them to see which assets and IPs are the most tested and which require more attention. This way, we can guide the researchers to cover the risk areas to ensure up to 100% attack surface coverage.”
Thanks to Activity Monitoring, Yogosha allows you to boost the intensity of your security tests and maximize the return on investment (ROI) of your security programs.
FDJ, a Renowned Client Chooses Activity Monitoring
FDJ UNITED, one of the main gambling operators in Europe, has implemented 5 pentest programs, 10 Bug Bounty programs, and 1 VDP program with Yogosha.
This industry giant also relies on the Activity Monitoring feature, as confirmed by Jeremy Couture, CISO of FDJ United:
“The monitoring—it really helps us understand if the security programs are on the right or wrong track.”
Like FDJ, take control of your asset security. Use Activity Monitoring to guarantee comprehensive testing coverage and maximize your return on investment.
Ready to find out how?
FAQ
What is Activity Monitoring?
Yogosha’s Activity Monitoring is an important feature that allows you to measure and track the engagement of security researchers on your assets. It provides precise data, enabling you to activate the right levers to ensure continuous testing activity for your Bug Bounty and continuous pentest programs.
How does Activity Monitoring work?
Yogosha collects the traffic of security researchers via the Yogosha VPN. An intelligent algorithm then analyzes this data to measure the activity on the tested assets. Activity Monitoring also takes into account the estimated time for tests not performed via the VPN, as well as the estimated time for scope discovery and report writing ; this gives a complete view of the time spent securing your assets.
What are the main indicators provided by the Activity Monitoring dashboard?
Several key indicators are displayed on the dashboard:
- The number of active researchers who have tested your assets.
- The number of offensive activity hours, including the time estimated by our algorithm (based on the monitored activity) for a complete view of the time actually spent securing your assets.
- The number of requests made on the targets of your assets.
- The number of reports received, to compare your activity level with the vulnerabilities discovered.
How can I use these key indicators to improve the performance of my security tests?
These indicators allow you to evaluate the intensity and testing coverage so that you can adjust them as your needs evolve. If the activity is insufficient, you can increase the testing activity using several levers:
- Rotate researchers to get a fresh look at your assets.
- Increase rewards to attract more researchers and stimulate competition.
- Update the testing scope to cover more areas, focus on critical assets, or less tested zones.
- Launch new operations to target specific assets.
How does Activity Monitoring help improve the Return on Investment (ROI)?
By measuring the level of testing activity on your assets, you can identify risk areas and adjust your security programs accordingly. By boosting the intensity of tests (via researcher rotation, reward adjustments, etc.), you maximize the chances of finding vulnerabilities before they are exploited, which protects your company and optimizes your budgets.
