Path of Least Resistance - POLaR
The fact is, many organizations currently have unmonitored, unprotected exposures that will provide a convenient “path of least resistance” for attackers. Once discovered, these paths enable attackers to successfully penetrate a network, system or application. Depending on the attacker’s objectives, these externally exposed business resources are at risk of compromise, theft, impairment or manipulation. In this time of fast-paced, dynamic digital business initiatives, areas of “shadow risk” frequently occur, and attackers are adept at finding them while simultaneously eluding most security tools and procedures.
Security and IT organizations are well aware of the challenges and prevalence of shadow IT by digitally empowered employees, and how these become enmeshed with the company’s own sanctioned IT. Most are still surprised by the actual number of these systems in use, sometimes an order of magnitude greater than what one might have expected. Similarly, the volume of externally accessible assets is almost always far larger than security or IT leaders might surmise.
The majority of security products, programs and procedures, including ongoing security testing and assessments, revolve around known assets and infrastructure. But CISOs and other executives frequently tell us that one thing that keeps them up at night is the unknowns: “What is not monitored or protected? What could be commandeered to undermine security or the business?”
Answering these questions requires an outside-looking-in vantage that needs to be coupled with risk analysis and prioritization so that high-risk, business-critical findings take priority. And, because of the pace of change for most companies, these questions also need to be answered frequently, so having an automated capability that does not require input from an already stretched security team is important. This, in essence, is what we have done with the CyCognito platform and what contributed to this significant recognition.
*Source: Gartner, Cool Vendors in Cyber and IT Risk Management, Jie Zhang, Elizabeth Kim, Neil MacDonald, 1 October 2020.
The GARTNER COOL VENDOR badge is a trademark and service mark of Gartner, Inc. and/or its affiliates and is used herein with permission. All rights reserved. Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s Research & Advisory organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.