The Platform

Enable your security and operations teams to proactively identify, prioritize, and remediate exposures to stay ahead of attackers.

Watch a Demo
GigaOm Radar for Attack Surface Management

The expansion of an organization's attack surface continues to present a critical business challenge. Download the GigaOm Radar for Attack Surface Management to get an overview of the available ASM solutions, identify leading offerings, and evaluate the best solution for you.  

Use Cases

The CyCognito platform helps you identify all of the attacker-exposed assets in your IT ecosystem for a complete view of your attack surface.

State of External Exposure Management

Download CyCognito’s State of External Exposure Management Report to learn key recommendations that your Security teams can implement to improve their exposure management strategy and minimize risk. 

Our Customers

External attack surface management is advancing cybersecurity into a new era. Learn how security experts across all industries benefit from using CyCognito’s platform.

The Total Economic Impact™ of The CyCognito Platform

Read The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. 

About CyCognito

We believe all organizations should be able to protect themselves from even the most sophisticated attackers.

Contact us

The knowledge you need to manage and protect your attack surface.

What's New Blog

Research Results: The Challenges With Pen Testing for Cybersecurity

By Raphael Reich
Vice President of Marketing
May 5, 2021

Penetration testing is one of the most well-known tools security teams use to defend against attackers and keep their organizations secure. But it’s also a technology from another century: penetration testing has its origins in the late 1960’s. 

Does pen testing still make sense in an era of digital transformation, where even the largest, most traditional companies are reinventing themselves to be digital-first businesses? The very same world where attackers take the path of least resistance to breach business data and applications, using weaknesses in overlooked and internet-exposed assets?

We wanted to understand the answer to those questions, so we worked with Dark Reading to survey over 100 large organizations about their penetration testing practices and perceptions, to see what they truly think about pen testing effectiveness for the modern IT ecosystem. Short answer: respondents at these organizations think that pen tests have huge blind spots, are done too infrequently, and are too expensive to be very effective as a security solution – despite the fact that they rely on them for exactly that.

We uncovered those insights (and more) by commissioning Dark Reading to survey security and IT professionals involved closely with penetration testing: from CISOs and CIOs to IT and security directors to security architects and pen test leads. 

Here are some highlights of what we uncovered:

Why do organizations pen test?

  • 70% to measure the organization’s security posture
  • 69% for breach prevention
  • 65% to ensure compliance with regulatory mandates

The biggest concerns with penetration testing? 

  • 60% say they get only limited test coverage and have too many blind spots
  • 47% report that their penetration tests only help them detect known threats, not new or unknown ones
  • 44% described the cost-per-asset tested as being too high

How much do organizations spend on pen testing annually? 

  • 12/% spend more than $1 million
  • 8% spend $500,001 to $1 million
  • 10% spend 250,001 to $500,000

That’s 30% of large organizations spending a quarter of a million dollars or more a year on penetration testing.

It’s probably not that surprising to anyone in the security industry that there are so many concerns with penetration testing as a solution for securing organizations. It’s a bit more surprising that with all those shortcomings and with such a large price tag, organizations continue to count on them to ensure they are secure. Based on the results of the research, it seems clear that penetration tests are simply not cut out for today’s new and emergent threat landscape or digital transformation.

Abandoning penetration testing may simply not be a viable approach for many organizations. But, every organization can get a great deal more value from their penetration testing investments by shifting a significant portion to an external attack surface management (EASM) solution. EASM platforms like the CyCognito platform provide a comprehensive, continuous, more cost-effective approach that will discover and help them secure their entire internet-exposed attack surface. 

Read the full report for additional findings and further detail on how the challenges with the cost, coverage, and cadence of penetration tests hinder their effectiveness in measuring security posture and preventing breaches.   


Recent Posts

Top Tags

CyCognito Research Report

State of External Exposure Management

State of External Exposure Management

Download CyCognito’s State of External Exposure Management Report to learn key recommendations that your Security teams can implement to improve their exposure management strategy and minimize risk.

Dummies Book

External Exposure & Attack Surface Management For Dummies

External Exposure & Attack Surface Management For Dummies

As your attack surface has grown to cloud infrastructures and across subsidiaries, attackers are looking for and finding unknown and unmanaged assets to serve as their entry points.

Interactive Demo

Ready to Rule Your Risk?

Request a personalized walkthrough of the CyCognito platform to see how we can help your company identify all its internet-exposed assets, focus on which are most vulnerable to attacks, and accelerate your time to remediating critical risks.