Empowering Security Operations To Know Which Risks to Remediate First

Four years ago Rob and I shared a belief that outside-in risk management was an essential part of a strong security posture. We started our journey building CyCognito by focusing on developing an unparalleled asset discovery solution that could give enterprise CISOs a comprehensive view of their attack surface. But we knew then, and it is still true today, that asset discovery without contextualization creates problems, not answers. Over the last 4 years we have added automated attribution, automated testing and remediation insights that help accelerate MTTR. 

Today we are Raising the bar on External Attack Surface Management with exploit intelligence. We are taking another big step towards our goal of reducing the asymmetry between attackers and defenders by adding an Exploit Intelligence (EI) solution to our EASM suite. We believe that tools like this can help the security team to get a down-to-earth attacker perspective.

Exploit Intelligence (EI) offers an end-to-end solution that prioritizes which risks to remediate immediately, before they are exploited, by proactively discovering external assets, testing vulnerabilities, and providing expert threat- plus risk-based insight.

Attackers don’t run passive vulnerability scanners; attackers use exploit kits that they can acquire on the dark-web or any other latest-and-greatest tools that they can put their hands on. Lately, attackers are often sponsored – either directly or indirectly – by nation states that tend to focus on certain technologies, methods or targets. Practicality, fads, and “fashion” often dictate the most exploited vulnerabilities at any point in time and not the more “academic” CVSS scoring system view that is the focus of most security team’s programs. We believe that viewing that attack surface through this “street-level” lens is a must for a modern security team.

We believe that such a product must have several complementing capabilities. At the heart of EI lies a comprehensive intelligence layer that we add on top of all the different security risks that we find in the attack surface: data such as real-world exploit availability, current exploitation commonality and the potential damage that a real attacker might cause. We even provide details on how to actually run a real exploit on a real asset, so the security team can actually (safely) try it out!

A second key ingredient is curating and providing up-to-date security advisories from vendors (e.g CISCO, VMware) and government and security agencies (e.g CISA, NSA, CIA & FBI). In addition, we significantly upgraded our internal risk detection infrastructure in order to add extra precision and insights on the most common vulnerabilities and to provide “positive detection,” meaning answering the question: when exactly did we validate that a certain asset does not have a specific vulnerability? Now it’s even easier, given an advisory, to see which assets are protected and which are not!

The Log4j crisis really highlighted the value of the Exploit Intelligence approach. Most organizations lacked the insights to know how they were affected or what immediate steps to take in light of Log4j. We released a Log4j Exploit Intelligence Advisory during our Beta phase, and one customer remarked that with the insights they saw, our product had just paid for itself in terms of time, manual effort and stress reduction. 

Exploit Intelligence is another step in bringing security teams closer to the attackers, and empowering Security Operations, Risk and IT teams with tools that only pen testers and red teams used to have. Significant product, research, and engineering efforts went into building these capabilities and I’m really proud of what we’ve done! 

This is only the beginning, please stay tuned for our next innovation update. Reach out if you would like us to show you how we can help focus your security teams on remediating what matters!