Empowering Security Operations To Know Which Risks to Remediate First

By Dima Potekhin
CTO and Co-Founder
March 17, 2022

Four years ago Rob and I shared a belief that outside-in risk management was an essential part of a strong security posture. We started our journey building CyCognito by focusing on developing an unparalleled asset discovery solution that could give enterprise CISOs a comprehensive view of their attack surface. But we knew then, and it is still true today, that asset discovery without contextualization creates problems, not answers. Over the last 4 years we have added automated attribution, automated testing and remediation insights that help accelerate MTTR. 

Introducing CyCognito Exploit Intelligence

Today we are raising the bar on External Attack Surface Management with exploit intelligence. We are taking another big step towards our goal of reducing the asymmetry between attackers and defenders by adding an Exploit Intelligence (EI) solution to our EASM suite. We believe that tools like this can help the security team get a down-to-earth attacker perspective.

Exploit Intelligence (EI) offers an end-to-end solution that prioritizes which risks to remediate immediately, before they are exploited, by proactively discovering external assets, testing vulnerabilities, and providing expert threat- plus risk-based insight.

Attackers don’t run passive vulnerability scanners; attackers use exploit kits that they can acquire on the dark web or any other latest-and-greatest tools that they can put their hands on. Lately, attackers are often sponsored – either directly or indirectly – by nation states that tend to focus on certain technologies, methods or targets. Practicality, fads, and “fashion” often dictate the most exploited vulnerabilities at any point in time, and not the more “academic” CVSS scoring system view that is the focus of most security teams’ programs. We believe that viewing the attack surface through this “street-level” lens is a must for a modern security team.

A Comprehensive Intelligence Layer

We believe that such a product must have several complementing capabilities. At the heart of EI lies a comprehensive intelligence layer that we add on top of all the different security risks that we find in the attack surface: data such as real-world exploit availability, current exploitation commonality and the potential damage that a real attacker might cause. We even provide details on how to actually run a real exploit on a real asset, so the security team can actually (safely) try it out!

A second key ingredient is curating and providing up-to-date security advisories from vendors (e.g., Cisco, VMware) and government and security agencies (e.g., CISA, NSA, CIA & FBI). In addition, we significantly upgraded our internal risk detection infrastructure in order to add extra precision and insights on the most common vulnerabilities and to provide “positive detection,” meaning answering the question: when exactly did we validate that a certain asset does not have a specific vulnerability? Now it’s even easier, given an advisory, to see which assets are protected and which are not!

The Log4j crisis really highlighted the value of the Exploit Intelligence approach. Most organizations lacked the insights to know how they were affected or what immediate steps to take in light of Log4j. We released a Log4j Exploit Intelligence Advisory during our Beta phase, and one customer remarked that with the insights they saw, our product had just paid for itself in terms of time, manual effort and stress reduction. 

Bringing Security Teams Closer to the Attackers

Exploit Intelligence is another step in bringing security teams closer to the attackers, and empowering Security Operations, Risk and IT teams with tools that only pen testers and red teams used to have. Significant product, research, and engineering efforts went into building these capabilities and I’m really proud of what we’ve done! 

This is only the beginning; please stay tuned for our next innovation update. Reach out if you would like us to show you how we can help focus your security teams on remediating what matters!

